Amazon WorkSpaces directories should restrict internet access or enforce MFA

amazon-workspaces
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Restrict access to Amazon WorkSpaces by configuring IP access control groups, enabling SAML authentication, or configuring RADIUS-based MFA in AWS Directory Service. These controls reduce exposure to direct internet access and strengthen authentication for directory logins.

Remediation

Configure IP access control groups for the WorkSpaces directory to allow only approved IP ranges. If using federated authentication, enable SAML authentication and enforce MFA in the identity provider for all WorkSpaces logins. If using AWS Directory Service, configure RADIUS to enforce MFA. For guidance, refer to WorkSpaces access control and MFA options.