Determine if your existing AWS WorkSpaces bundles have the desired type established by your organization based on the workload deployed. A bundle defines the hardware and software for AWS WorkSpaces. When you launch a WorkSpaces instance, you select a predefined or a custom bundle that meets your needs. AWS WorkSpaces make available a choice of service bundles providing different hardware and software options. You can choose from predefined Value, Standard, Performance, Power or Graphics bundles that offer different CPU, GPU, memory and storage resources (SSD volumes). Cloud Conformity provides you with the capability to define the desired bundle types based on your workload requirements upon enabling this conformity rule.
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Setting limits for the type of AWS WorkSpaces bundles will help you address internal compliance requirements and prevent unexpected charges on your AWS monthly bill.
Note 1: You can also limit your Amazon WorkSpaces bundles to the desired type using AWS Organizations service by implementing your own Service Control Policy on the master account. A Service Control Policy (SCP) is a type of policy that you can use to manage your organization. SCPs enable you to restrict what resources, services and actions the users, groups, and roles in those AWS accounts can use.
Note 2: The desired WorkSpaces bundle type used as example in conformity this rule is Standard. To meet your own organizational requirements, you will need to configure this rule with your desired bundle types.
To determine if the existing WorkSpaces bundles provisioned within your AWS account have the required type, perform the following:
Remediation / Resolution
To limit the new AWS WorkSpaces instances to the desired bundle type, raise an AWS support case where you explain why you need this type of limitation. For any existing WorkSpaces instances launched without the desired bundle type, just backup (clone) the necessary instances and re-create them using the desired bundle type.
To create the required AWS support case, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
WorkSpaces Desired Bundle Type
Risk level: Medium