AWS WorkSpaces (IAM)
Amazon WorkSpaces provides a fully managed, secure Desktop-as-a-Service (DaaS) solution to provision virtual desktops in the cloud.
Common permissions
- workspaces:DescribeWorkspaces
- workspaces:DescribeWorkspacesPools
- workspaces:DescribeWorkspaceBundles
- workspaces:DescribeWorkspaceImages
- workspaces:DescribeIpGroups
- workspaces:DescribeAccount
- workspaces:DescribeTags
- workspaces:DescribeConnectionAliases
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "workspaces:DescribeWorkspaces",
        "workspaces:DescribeWorkspacesPools",
        "workspaces:DescribeWorkspaceBundles",
        "workspaces:DescribeWorkspaceImages",
        "workspaces:DescribeIpGroups",
        "workspaces:DescribeAccount",
        "workspaces:DescribeTags",
        "workspaces:DescribeConnectionAliases"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid workspaces:* — grants full control including creating, modifying, and deleting WorkSpaces, images, and bundles
- Avoid workspaces:CreateWorkspaces and workspaces:StopWorkspaces — can provision or disrupt virtual desktops without proper authorization
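One way to check a policy against the warnings above, as an added example (not code from this page or from AWS): a small Python auditor that flags Allow statements reaching beyond the read-only list. The function names and the sample policy are constructed for illustration.

```python
import fnmatch

# Read-only actions from the page's "Common permissions" list (lowercased,
# because IAM matches action names case-insensitively).
READ_ONLY = {"workspaces:" + a for a in (
    "describeworkspaces", "describeworkspacespools", "describeworkspacebundles",
    "describeworkspaceimages", "describeipgroups", "describeaccount",
    "describetags", "describeconnectionaliases")}
# Mutating actions the page's warnings name explicitly.
WARNED = ("workspaces:createworkspaces", "workspaces:stopworkspaces")


def _listify(value):
    """IAM allows a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, action, reason) for each risky Allow entry."""
    findings = []
    for i, stmt in enumerate(_listify(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant anything
        if "NotAction" in stmt:
            findings.append((i, "NotAction", "allows every action not listed"))
        for action in _listify(stmt.get("Action")):
            pat = action.lower()
            if pat != "*" and not pat.startswith("workspaces:"):
                continue  # other services are out of scope here
            hit = [w for w in WARNED if fnmatch.fnmatchcase(w, pat)]
            if hit:
                findings.append((i, action, "grants " + ", ".join(hit)))
            elif "*" in pat or "?" in pat:
                findings.append((i, action, "wildcard beyond the listed actions"))
            elif pat not in READ_ONLY:
                findings.append((i, action, "not in the read-only list"))
    return findings


# Constructed sample policy (not from the page).
RISKY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "workspaces:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["workspaces:DescribeTags", "workspaces:Stop*",
                                   "workspaces:RebootWorkspaces"], "Resource": "*"},
    {"Effect": "Deny", "Action": "workspaces:CreateWorkspaces", "Resource": "*"}]}

if __name__ == "__main__":
    for finding in audit_policy(RISKY):
        print(finding)
```

The least-privilege policy shown earlier on this page produces no findings.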
Resources
API
full doc /v1/iam/workspaces