WorkSpaces Manager requires an IAM instance role, associated with the EC2 instance, that carries managed and custom policies so that it can reach other AWS services. The role will include the following AWS managed policies:

• AmazonWorkSpacesAdmin
• AmazonS3ReadOnlyAccess
• CloudWatchLogsReadOnlyAccess

In addition, we will manually create some policies to attach to the role. You can name these policies according to your own naming convention, but we recommend the following names:

• WorkSpacesManagerCostExplorerPolicy
• WorkSpacesManagerPricingPolicy
• WorkSpacesManagerEUCPolicy
• WorkSpacesManagerS3Access
• WorkSpacesManagerCloudwatchPolicy
• WorkSpacesManagerEC2ReadOnlyPolicy

First, we will create all the policies and include the JSON of each of them below. Then we can create the Role “WorkSpacesManagerRole” and attach the policies.
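Once the role exists, it is worth checking that it carries exactly the policies listed above and is trusted only by EC2. The following is an added example, not vendor code. It assumes the recommended policy names were used and that the inputs have the shape returned by boto3's `get_role` and `list_attached_role_policies`. The account ID and sample data are constructed.

```python
# Added example, not vendor code. Inputs follow the boto3 response shapes:
#   iam.get_role(RoleName=...)["Role"]["AssumeRolePolicyDocument"]
#   iam.list_attached_role_policies(RoleName=...)["AttachedPolicies"]
AWS_MANAGED = {"AmazonWorkSpacesAdmin", "AmazonS3ReadOnlyAccess", "CloudWatchLogsReadOnlyAccess"}
CUSTOM = {"WorkSpacesManagerCostExplorerPolicy", "WorkSpacesManagerPricingPolicy",
          "WorkSpacesManagerEUCPolicy", "WorkSpacesManagerS3Access",
          "WorkSpacesManagerCloudwatchPolicy", "WorkSpacesManagerEC2ReadOnlyPolicy"}
AWS_PREFIX = "arn:aws:iam::aws:policy/"

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, attached_policies):
    """Return findings; an empty list means the role matches the documented setup."""
    findings, seen = [], set()
    for policy in attached_policies:
        name, arn = policy["PolicyName"], policy["PolicyArn"]
        seen.add(name)
        # A customer managed policy reusing an AWS managed name may grant anything.
        if name in AWS_MANAGED and not arn.startswith(AWS_PREFIX):
            findings.append(f"lookalike: {name} is not the AWS managed policy ({arn})")
        elif name not in AWS_MANAGED | CUSTOM:
            findings.append(f"unexpected: {name}")
    findings += [f"missing: {n}" for n in sorted((AWS_MANAGED | CUSTOM) - seen)]
    principals = set()
    for stmt in as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        values = ["*"] if principal == "*" else [v for p in principal.values() for v in as_list(p)]
        principals.update(values)
    if "ec2.amazonaws.com" not in principals:
        findings.append("trust: ec2.amazonaws.com cannot assume the role")
    findings += [f"trust: extra principal {p}" for p in sorted(principals - {"ec2.amazonaws.com"})]
    return findings

# Constructed sample: one policy missing, one lookalike, one over-broad attachment, one extra principal.
ACCOUNT = "111122223333"  # placeholder account id
SAMPLE_ATTACHED = (
    [{"PolicyName": n, "PolicyArn": AWS_PREFIX + n}
     for n in ("AmazonWorkSpacesAdmin", "CloudWatchLogsReadOnlyAccess", "AdministratorAccess")]
    + [{"PolicyName": n, "PolicyArn": f"arn:aws:iam::{ACCOUNT}:policy/{n}"}
       for n in sorted(CUSTOM - {"WorkSpacesManagerPricingPolicy"}) + ["AmazonS3ReadOnlyAccess"]]
)
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "ec2.amazonaws.com", "AWS": f"arn:aws:iam::{ACCOUNT}:root"}}]}

if __name__ == "__main__":
    print("\n".join(audit_role(SAMPLE_TRUST, SAMPLE_ATTACHED)) or "role matches the documented setup")
```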
