Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Using Amazon service control policy to restrict Amazon Workspaces with encypted volumes

0

I'm trying to create a service control policy to restrict creating Amazon Workspaces only with encrypted volumes. For example:

{
	"Effect": "Deny",
	"Action": [
		"workspaces:CreateWorkspaces"
	],
	"Condition": {
		"ForAnyValues:Bool": [
		        {"workspaces:UserVolumeEncryptionEnabled": "false"},
	            {"workspaces:RootVolumeEncryptionEnabled": "false"}
	    ]
	},
	"Resource": [
		"*"
	]
}

However, the service control policy editor gives me an error: "The provided policy document does not meet the requirements of the specified policy type." Why is this happening?

Topics
End User Computing
Tags
Amazon WorkSpaces
Language
English
asked 5 years ago440 views
1 Answer
0
Accepted Answer

Amazon WorkSpaces doesn't have any service level condition keys that you can use with a service control policy. Therefore, specifying the "workspaces:userVolumeEncryptionEnabled" as a condition in your policy will cause an error. For more information, see Specify WorkSpaces resources in an IAM policy.

AWS
EXPERT
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content