
๐Ÿ›ก๏ธ AWS WorkSpace is unused๐ŸŸข

Logic

Description

This policy identifies AWS WorkSpaces that are considered unused. A WorkSpace is considered unused if it remains in an AVAILABLE or STOPPED state without any user connections for 30 days or more.

Rationale

AWS WorkSpaces incur costs whether they are actively used or automatically stopped (a stopped WorkSpace still generates a stopped-instance fee). Maintaining idle WorkSpaces unnecessarily increases expenses. Furthermore, unused but running WorkSpaces may not be regularly patched or monitored, creating potential security vulnerabilities and expanding the attack surface of the environment.

Audit

This policy flags an AWS WorkSpace as INCOMPLIANT if it is in either the AVAILABLE or STOPPED State and the Last Known User Connection Timestamp is empty or older than 30 days.
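The audit rule above, written out as an added Python example (not the policy's own logic file). The function name `find_unused_workspaces` is hypothetical, the inputs are assumed to be shaped like the `Workspaces` and `WorkspacesConnectionStatus` lists the WorkSpaces API returns, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

IDLE_STATES = {"AVAILABLE", "STOPPED"}  # states the policy audits
IDLE_THRESHOLD = timedelta(days=30)     # "30 days or more" per the description


def find_unused_workspaces(workspaces, connection_statuses, now=None):
    """Return IDs of WorkSpaces the audit rule would flag, in input order.

    workspaces: items shaped like DescribeWorkspaces -> Workspaces[]
    connection_statuses: items shaped like
        DescribeWorkspacesConnectionStatus -> WorkspacesConnectionStatus[]
    """
    now = now or datetime.now(timezone.utc)
    last_seen = {
        s["WorkspaceId"]: s.get("LastKnownUserConnectionTimestamp")
        for s in connection_statuses
    }
    unused = []
    for ws in workspaces:
        if ws.get("State") not in IDLE_STATES:
            continue  # e.g. PENDING or TERMINATING: out of scope for this rule
        ts = last_seen.get(ws["WorkspaceId"])
        # An empty timestamp means no recorded user connection; the rule flags it.
        if ts is None or now - ts >= IDLE_THRESHOLD:
            unused.append(ws["WorkspaceId"])
    return unused


# Constructed sample data (not real WorkSpace IDs), evaluated at a fixed time.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_WORKSPACES = [
    {"WorkspaceId": "ws-example01", "State": "AVAILABLE"},
    {"WorkspaceId": "ws-example02", "State": "STOPPED"},
    {"WorkspaceId": "ws-example03", "State": "AVAILABLE"},
    {"WorkspaceId": "ws-example04", "State": "PENDING"},
    {"WorkspaceId": "ws-example05", "State": "STOPPED"},
]
SAMPLE_STATUSES = [
    {"WorkspaceId": "ws-example01", "LastKnownUserConnectionTimestamp": NOW - timedelta(days=3)},
    {"WorkspaceId": "ws-example02", "LastKnownUserConnectionTimestamp": NOW - timedelta(days=45)},
    {"WorkspaceId": "ws-example03"},  # never connected: timestamp absent
    {"WorkspaceId": "ws-example04"},
    {"WorkspaceId": "ws-example05", "LastKnownUserConnectionTimestamp": NOW - timedelta(days=30)},
]

if __name__ == "__main__":
    for workspace_id in find_unused_workspaces(SAMPLE_WORKSPACES, SAMPLE_STATUSES, NOW):
        print(workspace_id)
```

With boto3, the two inputs correspond to the lists returned by `describe_workspaces` and `describe_workspaces_connection_status`, which yield timezone-aware `datetime` values for the timestamp field.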

Remediation

Terminate unused AWS WorkSpaces to reduce costs and minimize security risks. Before proceeding, ensure that any important data is backed up, as termination is irreversible.

Terminate a WorkSpace

Warning

Terminating a WorkSpace is a permanent action. All associated user data will be destroyed and cannot be recovered. To safeguard important information, ensure user data is backed up prior to termination. For help with backing up user data, contact AWS Support.

From AWS CLI
aws workspaces terminate-workspaces \
--terminate-workspace-requests {{workspace-ids}}


Linked Framework Sections

Section  Sub Sections  Internal Rules  Policies  Flags  Compliance
💼 Cloudaware Framework → 💼 Waste Reduction  25  no data