AWS workspaces documentation change
Summary
Increased limits for IP access control groups: maximum rules per group (10 → 30), groups per Region (100 → 140), and associated groups per directory (25 → 35)
Security assessment
The changes increase operational quotas for a security-related feature (IP-based access control), but do not address a specific vulnerability or weakness. While IP access control groups are a security mechanism, the updates focus on scaling limits rather than patching a security issue.
Diff
diff --git a/workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.md b/workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.md index 52e1d3662..f30c5f73d 100644 --- a//workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.md +++ b//workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.md @@ -11 +11 @@ Amazon WorkSpaces allows you to control which IP addresses your WorkSpaces can b -An _IP access control group_ acts as a virtual firewall that controls the IP addresses from which users are allowed to access their WorkSpaces. To specify the CIDR address ranges, add rules to your IP access control group, and then associate the group with your directory. You can associate each IP access control group with one or more directories. You can create up to 100 IP access control groups per Region per AWS account. However, you can only associate up to 25 IP access control groups with a single directory. +An _IP access control group_ acts as a virtual firewall that controls the IP addresses from which users are allowed to access their WorkSpaces. To specify the CIDR address ranges, add rules to your IP access control group, and then associate the group with your directory. You can add up to 30 rules per IP access control group and can associate each IP access control group with one or more directories. You can create up to 140 IP access control groups per Region per AWS account. However, you can only associate up to 35 IP access control groups with a single directory. @@ -34 +34 @@ You can use this feature with Web Access, PCoIP zero clients, and the client app -You can create an IP access control group as follows. Each IP access control group can contain up to 10 rules. +You can create an IP access control group as follows. Each IP access control group can contain up to 30 rules.