AWS workspaces documentation change
Summary
Added IAM policy example with SAML-based access control for Workspaces streaming
Security assessment
The new IAM policy example demonstrates security feature implementation (attribute-based access control) but doesn't address a specific vulnerability. It enhances documentation of security controls without fixing an existing issue.
Diff
diff --git a/workspaces/latest/adminguide/create-directory-pools.md b/workspaces/latest/adminguide/create-directory-pools.md index 3279d274f..dfce352e1 100644 --- a//workspaces/latest/adminguide/create-directory-pools.md +++ b//workspaces/latest/adminguide/create-directory-pools.md @@ -194,0 +195,21 @@ For resources in AWS GovCloud (US) Regions, use the following format for the ARN +JSON + + +**** + + + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "workspaces:Stream", + "Resource": "arn:aws:workspaces:<region-code>:<account-id>:directory/<directory-id>", + "Condition": { + "StringEquals": {"workspaces:userId": "${saml:sub}"} + } + } + ] + } + +