AWS Workspaces - Unable to provide Console Access to IAM user
Question
I want an IAM user to have read/List access and start/stop access to AWS workspaces. Hence I've created a simple IAM policy which grants all read and list actions.
but this was not enough. I was displayed with an error message An Error Has Occurred There was an error retrieving information about your WorkSpaces. Upon investigating cloudtrail, I found that the user need read/list permissions to KMS and AWSDirectory Service. Hence granted that too but when I login again, I still see the same error. Even tried attaching EC2 full access too but still the same error. Is this a potential bug? The same issue has been discussed in AWS forum too but no resolution there. https://forums.aws.amazon.com/thread.jspa?threadID=236408
KMS policy and Directory service policy below.
DS:
KMS:
Error Screenshot:
2 answers
solution1
1 2021-07-20 05:13:36
I've found the solution for this. AWS has bizarre limitation where if you want to access workspaces via console, then you need to give full access ( workspaces:* ) only. Below is a screenshot from the document that states this. Highly disappointed with AWS regarding this limitation. https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html
solution2
0 2021-07-19 21:57:09
Have you tried a policy similar to the one in the documentation . It includes some services in addition to the once you have tried already.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.