WorkSpaces Manager requires an IAM instance role, associated with its EC2 instance, that carries managed and custom policies so that it can reach other AWS services. The role will include the following AWS managed policies:
• AmazonWorkSpacesAdmin
• AmazonS3ReadOnlyAccess
• CloudWatchLogsReadOnlyAccess
In addition, we will create some policies manually and attach them to the role. These policies can be named according to your own naming convention, but we recommend the following names:
• WorkSpacesManagerCostExplorerPolicy
• WorkSpacesManagerPricingPolicy
• WorkSpacesManagerEUCPolicy
• WorkSpacesManagerS3Access
• WorkSpacesManagerCloudwatchPolicy
• WorkSpacesManagerEC2ReadOnlyPolicy
First, we will create all the policies; the JSON for each of them is included below. Then we can create the role “WorkSpacesManagerRole” and attach the policies.
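Once the role exists, its attachments can be checked against the two lists above. The following is an added example, not part of the WorkSpaces Manager documentation: it audits the JSON printed by `aws iam list-attached-role-policies` and assumes the recommended custom policy names were used; the account ID and sample data are constructed.

```python
import json

# Names from the two lists above. The custom names are only the recommended
# ones (assumption): edit CUSTOM if your policies are named differently.
AWS_MANAGED = {"AmazonWorkSpacesAdmin", "AmazonS3ReadOnlyAccess",
               "CloudWatchLogsReadOnlyAccess"}
CUSTOM = {"WorkSpacesManagerCostExplorerPolicy", "WorkSpacesManagerPricingPolicy",
          "WorkSpacesManagerEUCPolicy", "WorkSpacesManagerS3Access",
          "WorkSpacesManagerCloudwatchPolicy", "WorkSpacesManagerEC2ReadOnlyPolicy"}

def audit_role(cli_json: str) -> dict:
    """Report expected policies that are missing and attachments nobody asked for."""
    seen_managed, seen_custom, unexpected = set(), set(), []
    for policy in json.loads(cli_json).get("AttachedPolicies", []):
        arn = policy["PolicyArn"]
        # arn:<partition>:iam::<owner>:policy/<path/name>; owner is "aws"
        # for AWS managed policies and an account ID for customer managed ones.
        parts = arn.split(":", 5)
        owner, name = parts[4], parts[5].rsplit("/", 1)[-1]
        if owner == "aws" and name in AWS_MANAGED:
            seen_managed.add(name)
        elif owner != "aws" and name in CUSTOM:
            seen_custom.add(name)
        else:
            # Wrong owner (lookalike name) or a policy outside both lists.
            unexpected.append(arn)
    missing = (AWS_MANAGED - seen_managed) | (CUSTOM - seen_custom)
    return {"missing": sorted(missing), "unexpected": sorted(unexpected)}

def _arn(owner: str, name: str) -> str:
    return f"arn:aws:iam::{owner}:policy/{name}"

# Constructed sample: one custom policy missing, a customer-managed lookalike
# of an AWS managed policy, and an extra broad policy attached.
SAMPLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": n, "PolicyArn": _arn(o, n)} for o, n in
    [("aws", "AmazonWorkSpacesAdmin"), ("aws", "CloudWatchLogsReadOnlyAccess"),
     ("111122223333", "AmazonS3ReadOnlyAccess"),
     ("aws", "AdministratorAccess")]
    + [("111122223333", c) for c in sorted(CUSTOM - {"WorkSpacesManagerPricingPolicy"})]
]})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE), indent=2))
```

To audit a real role, pass the output of `aws iam list-attached-role-policies --role-name WorkSpacesManagerRole` to `audit_role`; both lists in the result should be empty.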