By using AWS re:Post, you agree to the Terms of Use

How to limit Workdocs access for only AWS Workspace


Thanks for any help,

I know we can limit workdocs access by IP, but currently even if I'm accessing it from my AWS Workspace machine, the IP used to access workdocs is a public IP, and although the IP for each of the AWS workspace machines seems to not change, there seems to be no logic, so every time I create a new workspace I need to wait for the user to login to get their public IP to add to the allow list of my workdocs domain.

Is there a way to wither make all workspace machines use public IPs from the same pool or to make them access my workdocs using their private IP so I can allow all their private IPs and be done with this instead of configure on a per machine basis?

thanks for any help on this.

1 Answers

To clarify, each of your WorkSpaces has an Internet-facing IP addressing?

Generally WorkSpaces aren't themselves internet-facing, and customers use a NAT gateway on the VPC to provide them access to the Internet, without exposing each individual instance directly to the Internet. In that scenario, you should be able to enforce WorkDocs access to the public IP of the NAT, and all WorkSpaces (and other resources within the VPC that use that NAT) would be able to access WorkDocs.

answered 4 months ago
  • that is a good idea, I added the workspace in an already existing VPC

    I'll try to change it so that VPC uses NAT to access internet

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions