Secure Access to Amazon WorkSpaces with Static IP Addresses

Question

Your company is planning to test out Amazon WorkSpaces for their account.

They are going to allocate a set of workstations with static IP addresses for this purpose.

They need to ensure that only these IP addresses have access to Amazon Workspaces.

How can you achieve this?

Answers

Explanations

A. B. C. D.

Answer - A.

The AWS Documentation mentions the following.

An IP access control group acts as a virtual firewall that controls the IP addresses from which users are allowed to access their WorkSpaces.

You can associate each IP access control group with one or more directories.

You can associate up to 25 IP access control groups with each directory.

Option B is incorrect because a WAF can only be placed in front of an Application Load Balancer or a CloudFront distribution.

Options C and D are incorrect since these are used for traffic control to subnets and EC2 Instances.

For more information on restricting access, see the following URL.

https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces-ip-access-control-groups.html
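
The IP access control group described in the AWS documentation quoted above, sketched as an added example (not code from the original page or from AWS). It assumes a boto3 WorkSpaces client is passed in; the workstation addresses, group description and directory ID are constructed placeholders.

```python
import ipaddress

MAX_GROUPS_PER_DIRECTORY = 25  # per-directory limit quoted above from the AWS documentation

# Constructed sample data: documentation-range addresses standing in for the workstations.
WORKSTATIONS = [("test-ws-1", "198.51.100.10"), ("test-ws-2", "198.51.100.11")]


def build_user_rules(workstations):
    """Map (description, address) pairs to the UserRules list for create_ip_group."""
    rules, seen = [], set()
    for desc, addr in workstations:
        net = ipaddress.ip_network(addr, strict=True)  # ValueError on typos or stray host bits
        if net.prefixlen == 0:
            raise ValueError(f"{addr} matches every client, so nothing is restricted")
        if net not in seen:  # drop duplicate entries
            seen.add(net)
            rules.append({"ipRule": str(net), "ruleDesc": desc})
    return rules


def is_allowed(source_ip, rules):
    """Local dry run of the allow-list: True when source_ip falls inside any rule."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(r["ipRule"]) for r in rules)


def restrict_directory(client, directory_id, group_name, workstations):
    """Create an IP access control group and associate it with one directory."""
    rules = build_user_rules(workstations)  # validate before any API call
    found = client.describe_workspace_directories(DirectoryIds=[directory_id])
    attached = found["Directories"][0].get("ipGroupIds", [])
    if len(attached) >= MAX_GROUPS_PER_DIRECTORY:
        raise RuntimeError(f"{directory_id} already has {len(attached)} IP groups")
    group_id = client.create_ip_group(
        GroupName=group_name, GroupDesc="Static test workstations", UserRules=rules
    )["GroupId"]
    client.associate_ip_groups(DirectoryId=directory_id, GroupIds=[group_id])
    return group_id


if __name__ == "__main__":
    rules = build_user_rules(WORKSTATIONS)
    for ip in ("198.51.100.10", "203.0.113.5"):  # second address is a constructed outsider
        print(ip, "allowed" if is_allowed(ip, rules) else "blocked")
    # With credentials configured: restrict_directory(boto3.client("workspaces"), "<directory-id>", ...)
```
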

The correct answer for this question is D. Specify the IP addresses in the Security Group.

Explanation:

Amazon WorkSpaces is a fully managed desktop computing service in the cloud, which allows you to provision Windows or Linux desktops for your users in minutes. To secure access to Amazon WorkSpaces, you can use security groups, which act as virtual firewalls controlling inbound and outbound traffic at the instance level.

When you launch a WorkSpaces directory, Amazon WorkSpaces creates a default security group that allows traffic to and from the internet on ports 80 and 443. To restrict access to only specific IP addresses, you can create a custom security group, and specify the IP addresses in the inbound rules of the security group.

Here are the steps to achieve this:

  1. Open the Amazon WorkSpaces console.
  2. Choose the directory that you want to modify.
  3. Choose the Security groups tab.
  4. Choose Create security group.
  5. In the Inbound tab, choose Add Rule.
  6. Specify the IP addresses or IP address range that you want to allow access to, and choose the protocol and port number that you want to allow traffic for.
  7. Choose Create security group.

Once you have created the security group, you can associate it with the WorkSpaces directory to restrict access to only the specified IP addresses.

Therefore, option D is the correct answer for this question. Option A is incorrect because IP access control groups do not exist in Amazon WorkSpaces. Option B is incorrect because a WAF (Web Application Firewall) is used to protect web applications from common web exploits and vulnerabilities. Option C is incorrect because NACLs (Network Access Control Lists) control traffic at the subnet level, not the instance level, and are not suitable for restricting access to specific IP addresses.