Ensure that the number of Amazon WorkSpaces instances provisioned in your AWS account has not reached the limit quota established by your organization for the WorkSpaces workload deployed. By default, Cloud Conformity sets a threshold value of 50 for the maximum number of provisioned instances but you also have the capability to adjust this threshold on your Cloud Conformity dashboard, based on your needs. Once you define your own threshold for the maximum number of WorkSpaces instances that you need to run across all AWS regions, Cloud Conformity engine will start to continuously check your account for WorkSpaces instances and when the number of instances reach the specified count (threshold) you will get notified via communication channels configured within your Cloud Conformity account. If the WorkSpaces limit quota defined for your AWS account is reached, you can create an AWS support case to request limiting the number of provisioned WorkSpaces instances.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Sustainability 
Security Monitoring and configuring limits for the maximum number of WorkSpaces instances provisioned within your AWS account will help you to manage better your WorkSpaces compute resources and prevent unexpected charges on your AWS bill. For example, users within your organization can create a lot more WorkSpaces instances than the number established in the company policy regarding resources, exceeding the monthly budget allocated for cloud computing. Or if your AWS account gets compromised and the attacker is launching a fleet of WorkSpaces instances which can drive up fast your AWS WorkSpaces service costs.
Note: The threshold for the maximum number of WorkSpaces instances per AWS account set for this conformity rule is 50 (default value).
Audit
To determine the number of WorkSpaces instances currently available in your AWS account, perform the following:
01 Sign in to AWS Management Console.
02 Navigate to WorkSpaces dashboard at https://console.aws.amazon.com/workspaces/.
03 In the left navigation panel click WorkSpaces to access the instances listing page.
04 Check the total number of AWS WorkSpaces instances available in the current AWS region, listed in the top-right section of the dashboard, e.g.
05 Change the AWS region from the navigation bar and repeat step no. 4 for all other regions. If the total number of WorkSpaces instances provisioned in your AWS account is greater than 50, the recommended threshold was exceeded, therefore you must take action and raise an AWS support case to limit the number of instances based on your requirements (see Remediation/Resolution section).
Remediation / Resolution
To create an AWS support case in order to request limiting the number of provisioned WorkSpaces instances in your AWS account based on your requirements, perform the following:
Note: Requesting a limit for the number of WorkSpaces instances per region using the AWS API via Command Line Interface (CLI) is not currently supported.References
- AWS Documentation
- Amazon WorkSpaces FAQs
- What Is Amazon WorkSpaces?
- Amazon WorkSpaces Limits
- AWS Command Line Interface (CLI) Documentation
- workspaces
- describe-workspaces
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
WorkSpaces Instances Counts
Risk Level: Medium