Add Amazon WorkSpaces

Amazon WorkSpaces are virtual cloud desktops that run in Amazon Web Services (AWS). You can protect them with Deep Security following the instructions in one of these sections:

The Deep Security Agent only supports Amazon WorkSpaces Windows desktops—it does not support Linux desktops.

After completing the steps in one of the above-mentioned sections:

  • your Amazon WorkSpaces are displayed in Deep Security Manager on the left under Computers your_AWS_account > your_region > WorkSpaces
  • your Amazon WorkSpaces are protected by the Deep Security Agent

Protect Amazon WorkSpaces if you already added your AWS account

If you already added your AWS account to Deep Security Manager (to protect your Amazon EC2 instances), complete the steps in this section to configure Deep Security to work with Amazon WorkSpaces.

  1. Upgrade Deep Security AMI from AWS Marketplace to version 10.3 or later. See Upgrade the Deep Security Manager AMI.
  2. Launch an Amazon WorkSpace, and then install and activate Deep Security Agent 10.2 or later on it. See Install the agent on Amazon EC2 and WorkSpaces for details. Optionally, create a custom WorkSpace bundle so that you can deploy it to many people. See Bake the agent into your AMI or WorkSpace bundle for details on installation, activation, and bundle creation.
  3. Modify your IAM policy to include Amazon WorkSpaces permissions:
    1. Log in to AWS with the account that was added to Deep Security Manager.
    2. Go to the IAM service.
    3. Find the Deep Security IAM policy. You can find it under Policies on the left, or you can look for the Deep Security IAM role or IAM user that references the policy and then click the policy within it.
    4. Modify the Deep Security IAM policy to look like the one shown in Add AWS cloud accounts. The policy includes Amazon WorkSpaces permissions. If you added more than one AWS account to Deep Security, the IAM policy must be updated under all the AWS accounts.
  4. In Deep Security Manager, edit your AWS account:
    1. On the left, right-click your AWS account and select Properties.
    2. Enable Include Amazon WorkSpaces.
    3. Click Save.

You have now added Amazon WorkSpaces to Deep Security.

Protect Amazon WorkSpaces if you have not yet added your AWS account

If you have not yet added your AWS account to Deep Security Manager, complete the steps in one of the following sections: