AWS workspaces-web documentation change
Summary
Replaced 'User access logging' with 'Session Logger' using S3 for logs instead of Kinesis, added IP Access Control, Data Protection Settings, URL filtering, and reorganized policy management sections.
Security assessment
The changes introduce documentation for security features like session logging to S3, IP access restrictions, data redaction policies, and URL filtering. These are proactive security controls rather than fixes for existing vulnerabilities. No evidence of addressing a specific security incident.
Diff
diff --git a/workspaces-web/latest/adminguide/portal-settings.md b/workspaces-web/latest/adminguide/portal-settings.md index cebb5bf31..38303f135 100644 --- a//workspaces-web/latest/adminguide/portal-settings.md +++ b//workspaces-web/latest/adminguide/portal-settings.md @@ -17 +17 @@ Selecting a new instance type will change the cost for each monthly active user. - 3. Under **User access logging** , for **Kinesis stream ID** , select the Amazon Kinesis data stream you want to send your data to. For more information, see [Setting up user activity logging in Amazon WorkSpaces Secure Browser](./user-logging.html). + 3. Under **Session Logger** , you can specify a S3 bucket for storing session log files. For more information, see [Setting up Session Logger for Amazon WorkSpaces Secure Browser](./session-logger.html). **This is optional.** @@ -19 +19 @@ Selecting a new instance type will change the cost for each monthly active user. - 4. Under **Policy settings** , complete the following: + 4. Under **User access logging** , for **Kinesis stream ID** , select the Amazon Kinesis data stream you want to send log files to. For more information, see [Setting up user activity logging in Amazon WorkSpaces Secure Browser](./user-logging.html). **This is optional.** @@ -21 +21 @@ Selecting a new instance type will change the cost for each monthly active user. - * For **Policy options** , select **Visual editor** or **JSON file upload**. You can use either method to provide the policy configuration details for your web portal. For more information, see [Managing browser policy in Amazon WorkSpaces Secure Browser](./browser-policies.html). + 5. Under **IP Access Control** , choose whether to restrict access to trusted networks. For more information, see [Managing IP access controls in Amazon WorkSpaces Secure Browser](./ip-access-controls.html). **This is optional.** @@ -23 +23 @@ Selecting a new instance type will change the cost for each monthly active user. - * WorkSpaces Secure Browser includes support for Chrome enterprise policies. You can add and manage policies with either a visual editor or a manual upload for policy files. You can switch between either option at any time. + 6. Under **Data Protection Settings** , you can create policies for WorkSpaces Secure Browser to redact sensitive information. For more information, see [Managing data protection settings in Amazon WorkSpaces Secure Browser](./data-protection-settings.html). **This is optional**. @@ -25 +25 @@ Selecting a new instance type will change the cost for each monthly active user. - * When you upload a policy file, you can see the available policies in the file in the console. However, you can't edit all policies in the visual editor. The console lists policies in your JSON file that you can't edit with the visual editor under **Additional JSON policies**. To make changes to these policies, you must edit them manually. + 7. Under **URL filtering** , you can specify which URLs end users are allowed to access or block specific URLs or domain categories to restrict access. For more information, see [Web content filtering in Amazon WorkSpaces Secure Browser](./web-content-filtering.html). **This is optional.** @@ -27 +27,9 @@ Selecting a new instance type will change the cost for each monthly active user. - * (Optional) For **Startup URL - optional** , enter a domain to use as the homepage when users launch their browser. Your VPC must have a stable connection to this URL. + 1. To restrict session browsing to a few selected domains, enable the toggle **Block all URLs** and click **add URL** to provide the list of URLs your end users are allowed to access. + + 2. To create a list of URLs to block for end users, click **Add URL** to list the single URLs to block or click **Add categories** to select categories of domains that are blocked (e.g., Social Networking). + + 8. Under **Policy settings** , you can set any browser policy using Chrome policies available for the latest stable version to the web portal. For more information, see [Managing browser policy in Amazon WorkSpaces Secure Browser](./browser-policies.html). **This is optional.** + + 1. You can quickly select some of the most common policies in the **Visual editor** + + * For **Startup URL - optional** , enter a domain to use as the homepage when users launch their browser. Your VPC must have a stable connection to this URL. @@ -35,3 +43 @@ URLs visited while browsing privately, or before a user deletes their browser hi - * Under **URL filtering** , you can configure which URLs users can visit during a session. For more information, see [Setting up URL filtering in Amazon WorkSpaces Secure Browser](./url-filtering.html). - - * (Optional) For **Browser bookmarks - optional** , enter the **Display name** , **Domain** , and **Folder** for any bookmarks you want your users to see in their browser. Then, choose **Add bookmark**. + * For **Browser bookmarks - optional** , enter the **Display name** , **Domain** , and **Folder** for any bookmarks you want your users to see in their browser. Then, choose **Add bookmark**. @@ -45 +51,5 @@ In Chrome, users can find managed bookmarks in the **Managed bookmarks** folder - * (Optional) Add **Tags** to your portal. You can use tags to search for or filter your AWS resources. Tags consist of a key and optional value and are associated with your portal resource. + 2. You can also directly add or edit policies by using the JSON editor instead of the visual editor. For the specific format of a policy, please refer to [Chrome Enterprise policy list](https://chromeenterprise.google/policies/). + + 3. You can also import the Chrome policies used in your organization by uploading a JSON file into the web portal. For details, please see [Tutorial: Setting a custom browser policy in Amazon WorkSpaces Secure Browser](./browser-policies-custom.html) + +When you upload a policy file, you can see the available policies in the file in the console. However, you can't edit all policies in the visual editor. The console lists policies in your JSON file that you can't edit with the visual editor under **Additional JSON policies**. To make changes to these policies, you must edit them manually. @@ -47 +57 @@ In Chrome, users can find managed bookmarks in the **Managed bookmarks** folder - 5. Under **IP Access Control (optional)** , choose whether to restrict access to trusted networks. For more information, see [Managing IP access controls in Amazon WorkSpaces Secure Browser](./ip-access-controls.html). + 9. Add **Tags** to your portal. You can use tags to search for or filter your AWS resources. Tags consist of a key and optional value and are associated with your portal resource. **This is optional.** @@ -49 +59 @@ In Chrome, users can find managed bookmarks in the **Managed bookmarks** folder - 6. Choose **Next** to continue. + 10. Choose **Next** to continue.