Security Best Practices in Amazon WorkSpaces Applications

Cloud security at Amazon Web Services (AWS) is the highest priority. Security and compliance is a shared responsibility between AWS and the customer. For more information, refer to the Shared Responsibility Model. As an AWS and WorkSpaces Applications customer, it is important to implement security measures on different layers such as stack, fleet, image, and networking.

Due to its ephemeral nature, WorkSpaces Applications is often preferred as a secure solution to application and desktop delivery. Consider whether antivirus solutions that are commonplace in Windows deployments are relevant in your use cases for an environment that is predefined and purged at the end of a user session. Antivirus adds overhead to virtualized instances, making it is a best practice to mitigate unnecessary activities. For example, scanning the system volume (which is ephemeral) at boot, for instance, does not add to the overall security of WorkSpaces Applications.

The two key questions for security WorkSpaces Applications are centered on:

Is persisting user state beyond the session a requirement?
How much access should a user have within a session?

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Example: WorkSpaces Applications Application Amazon S3 bucket policy cross-service confused deputy prevention

Securing Persistent Data