- 최신
- 최다 투표
- 가장 많은 댓글
Hello,
Sharing credentials for a single WorkSpace across multiple users might be a little risky due to security concerns and goes against AWS best practices. Each user should have a dedicated workspace
A single-user account can launch multiple WorkSpaces though. So you could launch 4 separate WorkSpaces, one for each employee, and assign them accordingly based on their schedule
You might find these links helpful --
https://docs.aws.amazon.com/workspaces/latest/adminguide/administer-workspace-users.html
https://stackoverflow.com/questions/57570016/can-multiple-users-utilise-the-same-amazon-workspace
https://repost.aws/questions/QUueiEZR5bSHmOIxZApvFxRg/creating-multiple-workspaces-for-a-single-user
https://docs.aws.amazon.com/workspaces/latest/adminguide/create-multiple-workspaces-for-user.html
Thanks
WorkSpaces have 1:1 mapping so you only get a single set of credentials. You still have these options which are not recommended.
- Share the same credentials with multiple users and that will enable them to connect to the WorkSpace but one user at a time. This is a non-complaint and you will never now who made a change.
- Use RDP to connect to your WorkSpaces, this is something we don't recommend. We only use RDP when we troubleshoot a WorkSpaces.
What is recommended and is right:
-
4 WorkSpaces in Auto-Stop mode for 4 users This way we will not be sharing credentials and following any unconventional way to connect. Auto-Stop will help to save some cost as you mentioned use will be connecting whenever they are at the booth.
-
Deploy one EC2 instance in public subnet, create 4 local user profiles enable RDP by configuring the security group and NACL rules. This will cost you less as you will be sharing the resource and it requires less admin efforts then creating a WorkSpace however, the instance will be in public subnet exposed to the internet (unless you fine grain security group).
I will choose the EC2 path to save cost by sharing the same machine and only enabling inbound traffic my the public IP address on RDP port 3389 from a single machine.
