Can I set a security group for each workspace that is launched?

Hi,

When you register a directory with WorkSpaces, it creates two security groups, one for directory controllers and another for WorkSpaces in the directory. The security group for directory controllers has a name that consists of the directory identifier followed by **_controllers **(for example, d-12345678e1_controllers). The security group for WorkSpaces has a name that consists of the directory identifier followed by _workspacesMembers (for example, d-123456fc11_workspacesMembers).

You can add a default WorkSpaces security group to a WorkSpaces directory. After you associate a new security group with a WorkSpaces directory, new WorkSpaces that you launch or existing WorkSpaces that you rebuild will have the new security group. When you associate multiple security groups with a WorkSpaces directory, the rules from each security group are effectively aggregated to create one set of rules.

To add a security group to an existing WorkSpace without rebuilding it, you assign the new security group to the elastic network interface (ENI) of the WorkSpace. Security Groups

You can use the Amazon WorkSpaces API to programmatically launch the WorkSpaces, find the ENI assigned, and assign security groups to the ENI belonging to the WorkSpace. In your example you can use the API to launch 1 workspace has security group A attached to ENI, and launch another workspace and assign security group B to the ENI.