Set up IP access controls (optional) - Amazon WorkSpaces Secure Browser
Create an IP access control groupAssociate an IP access setting with a web portalEdit an IP access control groupDelete an IP access control group

Set up IP access controls (optional)

WorkSpaces Secure Browser allows you to control which IP addresses your web portal can be accessed from. By using IP access settings, you can define and manage groups of trusted IP addresses, and only allow users to access their portal when they're connected to a trusted network.

By default, WorkSpaces Secure Browser allows users to access their web portal from anywhere. An IP access control group acts as a virtual firewall that filters which IP address a user can use to connect to the web portal. When associated with your web portal, IP access settings will detect the user IP before authentication to determine whether they are eligible to connect. Once connected, WorkSpaces Secure Browser continuously monitors a user's IP address to ensure they remain connected from a trusted network. If a user's IP changes, WorkSpaces Secure Browser will detect and terminate the session.

To specify the CIDR address ranges, add rules to your IP access control group, and then associate the group with your web portal. You can associate each IP access setting with one or more web portals. To specify the public IP addresses and ranges of IP addresses for your trusted networks, add rules to your IP access control groups. If your users access their web portal through a NAT gateway or VPN, you must create rules that allow traffic from the public IP addresses for the NAT gateway or VPN.

Note

Customers are responsible for understanding the potential legal issues that arise with their use of WorkSpaces Secure Browser, and must ensure that their use of WorkSpaces Secure Browser complies with all applicable laws and regulations. This includes laws that regulate an employer's ability to monitor an employee's use of WorkSpaces Secure Browser, including activities performed within the application.

Create an IP access control group

To create an IP access control group, follow these steps.

  1. Open the WorkSpaces Secure Browser console at https://console.aws.amazon.com/workspaces-web/home?region=us-east-1#/.

  2. In the navigation pane, choose IP access controls.

  3. Choose Create IP access control group.

  4. In the Create IP access control group dialog box, enter a name (required) and description (optional) for the group.

  5. Enter the IP address or CIDR IP range that will be associated to Source, and a Description (optional).

  6. Under Tags, choose whether to tag a key value pair for each IP access control group.

  7. When you are done adding rules and tags, choose Save.

Associate an IP access setting with a web portal

To associate an IP access control group with an existing web portal, follow these steps.

  1. Open the WorkSpaces Secure Browser console at https://console.aws.amazon.com/workspaces-web/home?region=us-east-1#/.

  2. In the navigation pane, choose Web portals.

  3. Select the web portal, and choose Edit.

  4. Under IP access control group, and select the IP access control groups for the web portal.

  5. Choose Save.

To associate an IP access control group when creating a new web portal, follow these steps.

  1. Complete steps 1 through 4 in Configure portal settings to access IP Access Control (optional).

  2. Choose Create IP access controls.

  3. In the Create IP Group dialog box, enter a name (required) and description (optional) for the group.

  4. Enter the IP address or CIDR IP range that will be associated to Source, and a Description (optional).

  5. Under Tags, choose whether to tag a key value pair for each IP access control group.

  6. When you are done adding rules and tags, choose Create IP access control.

  7. Your IP access control group will be associated to this web portal when launched.

Edit an IP access control group

You can delete a rule from an IP access setting at any time. If you remove a rule that was used to allow a connection to a web portal, any users with a current session will be disconnected from the web portal.

To edit an IP access control group, follow these steps.

  1. Open the WorkSpaces Secure Browser console at https://console.aws.amazon.com/workspaces-web/home?region=us-east-1#/.

  2. In the navigation pane, choose IP access controls.

  3. Select the group and choose Edit.

  4. Edit the existing rules Source and Description (optional), or add additional rules.

  5. Under Tags, choose whether to tag a key value pair for each IP access control group.

  6. When you are done adding rules and tags, choose Save.

  7. If you updated an existing IP access setting, wait up to 15 minutes for the new or edited rule to take effect.

Delete an IP access control group

You can delete a rule from an IP access control group at any time. If you remove a rule that was used to allow a connection to a web portal, any users with a current session will be disconnected from the web portal.

To delete an IP access control group, follow these steps.

  1. Open the WorkSpaces Secure Browser console at https://console.aws.amazon.com/workspaces-web/home?region=us-east-1#/.

  2. In the navigation pane, choose IP access control group.

  3. Select the group and choose Delete.