AWS WorkSpace is unused
- Contextual name: WorkSpace is unused
- ID: /ce/ca/aws/workspaces/workspace-unused
- Tags:
  - Policy with categories
  - Policy with type
  - Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: COST
Logic
- prod.logic.yaml
- AWS WorkSpace
- AWS WorkSpace - object.extracts.yaml
- test-data.json
Description
This policy identifies AWS WorkSpaces that are considered unused. A WorkSpace is considered unused if it remains in an AVAILABLE or STOPPED state without any user connections for 30 days or more.
Rationale
Amazon WorkSpaces incur costs whether they are actively used or stopped; a stopped WorkSpace still generates a stopped-instance fee. Maintaining idle WorkSpaces therefore increases expenses. In addition, unused but running WorkSpaces may not be regularly patched or monitored, creating potential security risks and expanding the attack surface.
Audit
This policy flags an AWS WorkSpace as INCOMPLIANT if its State is either AVAILABLE or STOPPED and its Last Known User Connection Timestamp is empty or older than 30 days.
Remediation
Terminate unused AWS WorkSpaces to reduce costs and minimize security risks. Before proceeding, ensure that any important data is backed up, as termination is irreversible.
Terminate a WorkSpace
Warning
Terminating a WorkSpace is a permanent action. All associated user data will be destroyed and cannot be recovered. Ensure user data is backed up before termination. For help with backing up user data, contact AWS Support.
From AWS CLI
aws workspaces terminate-workspaces \
--terminate-workspace-requests {{workspace-ids}}
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| Cloudaware Framework → Waste Reduction | 28 | no data |