Amazon WorkSpaces directories should restrict internet access or enforce MFA

amazon-workspaces
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Restrict access to Amazon WorkSpaces by configuring IP access control groups, enabling SAML authentication, or configuring RADIUS-based MFA in AWS Directory Service. These controls reduce exposure to direct internet access and strengthen authentication for directory logins.

Remediation

Configure IP access control groups for the WorkSpaces directory to allow only approved IP ranges. If using federated authentication, enable SAML authentication and enforce MFA in the identity provider for all WorkSpaces logins. If using AWS Directory Service, configure RADIUS to enforce MFA. For guidance, refer to WorkSpaces access control and MFA options.