Add Amazon WorkSpaces
Amazon WorkSpaces are virtual cloud desktops that run in Amazon Web Services (AWS). You can protect them with Workload Security following the instructions in one of these sections:
- Protect Amazon WorkSpaces if you already added your AWS account
- Protect Amazon WorkSpaces if you have not added your AWS account yet
The Deep Security Agent only supports Amazon WorkSpaces Windows desktops—it does not support Linux desktops.
After completing the steps in one of the above-mentioned sections:
- your Amazon WorkSpaces are displayed in the Workload Security console on the left under Computers > your_AWS_account > your_region > WorkSpaces
- your Amazon WorkSpaces are protected by the Deep Security Agent
If you already added your AWS account to Workload Security (to protect your Amazon EC2 instances), complete the steps in this section to configure Workload Security to work with Amazon WorkSpaces.
- Launch an Amazon WorkSpace, and then install and activate Deep Security Agent 10.2 or later on it. See Install the agent on Amazon EC2 and WorkSpaces for details. Optionally, create a custom WorkSpace bundle so that you can deploy it to many people. See Bake the agent into your AMI or WorkSpace bundle for details on installation, activation, and bundle creation.
- Modify your IAM policy to include Amazon WorkSpaces permissions:
- Log in to AWS with the account that was added to Workload Security.
- Go to the IAM service.
- Find the Workload Security IAM policy. You can find it under Policies on the left, or you can look for the Workload Security IAM role or IAM user that references the policy and then click the policy within it.
- Modify the Workload Security IAM policy to look like the one shown in Add an AWS account using a cross-account role. The policy includes Amazon WorkSpaces permissions. If you added more than one AWS account to Workload Security, the IAM policy must be updated under all the AWS accounts.
- In the Workload Security console, edit your AWS account:
- On the left, right-click your AWS account and select Properties.
- Enable Include Amazon WorkSpaces.
- Click Save.
You have now added Amazon WorkSpaces to Workload Security.
If you have not yet added your AWS account to Workload Security, complete the steps in one of the following sections: