AWS Security ChangesHomeSearch

AWS workspaces documentation change

Service: workspaces · 2026-05-16 · Documentation low

File: workspaces/latest/adminguide/create-directory-pools.md

Summary

Added IAM policy example with SAML-based access control for Workspaces streaming

Security assessment

The new IAM policy example demonstrates security feature implementation (attribute-based access control) but doesn't address a specific vulnerability. It enhances documentation of security controls without fixing an existing issue.

Diff

diff --git a/workspaces/latest/adminguide/create-directory-pools.md b/workspaces/latest/adminguide/create-directory-pools.md
index 3279d274f..dfce352e1 100644
--- a//workspaces/latest/adminguide/create-directory-pools.md
+++ b//workspaces/latest/adminguide/create-directory-pools.md
@@ -194,0 +195,21 @@ For resources in AWS GovCloud (US) Regions, use the following format for the ARN
+JSON
+    
+
+****
+    
+    
+        {
+        "Version": "2012-10-17", 
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": "workspaces:Stream",
+                "Resource": "arn:aws:workspaces:<region-code>:<account-id>:directory/<directory-id>",
+                "Condition": {
+                    "StringEquals": {"workspaces:userId": "${saml:sub}"}
+                }
+            }
+        ]
+    }
+    
+