How do I control access to my WorkSpaces?

2 minute read

I want to set access controls in Amazon WorkSpaces so that specific users or specific IP addresses can access my WorkSpace. How can I do that?


WorkSpaces access is managed in the directory details for your WorkSpace. The Access Control Options settings define the parameters for trusted devices. The IP Access Control Groups settings apply public IP addresses for the client connection.

To access these settings for your WorkSpace, in the WorkSpaces console, choose Directories from the navigation pane. In the Actions dropdown, choose Update Details.

Access Control Options

Use Access Control Options to limit access to your WorkSpace. Do this by specifying the operating systems and certificates installed on the systems, or by choosing client platforms.

To use certificates, you must have an internal certificate authority (CA) and provide two certificates:

  • For the WorkSpaces directory: A root certificate generated by an internal CA.
  • For a client device: An installed client certificate that links to a root certificate for the client device.

For more information about creating and deploying certificates in WorkSpaces, see Restrict WorkSpaces access to trusted devices.

IP Access Control Groups

Use IP Access Control Groups to restrict access based on the public IP address ranges that are allowed to connect to the WorkSpace. The allowed IP ranges are managed with groups created in the IP Access Controls navigation pane.

These are the limitations of using this feature:

  • Up to 25 IP access control groups are allowed with a single directory.
  • 100 IP access control groups are allowed in each AWS Region.

For more information about IP access control groups, see IP access control groups for your WorkSpaces.

Note: To find the public IP address of a user, use

AWS OFFICIALUpdated 2 years ago