Rule Description
Rule Code: AWS-WS-01
Identify and remove any unused AWS WorkSpaces instances available within your AWS account.
An AWS WorkSpaces instance is considered unused if it has 0 known user connections registered within the past 30 days.
Audit / Verification
Step 01: Log in to the AWS Management Console.
Step 02: Navigate to the WorkSpaces dashboard and click WorkSpaces to access the service instances listing page.
Step 03: Choose the WorkSpaces instance that you want to examine, then click its Hide or Show Details button.
Step 04: In the configuration details panel, check the User Last Active attribute value:
- If the last user login was registered more than 30 days ago (e.g. Feb 16, 2017 10:32:54 UTC), the selected WorkSpaces instance is not in use anymore and can be safely removed from your AWS account in order to stop accumulating unnecessary usage charges.
Step 05: Repeat steps 3 and 4 to verify the last user login, returned by the User Last Active attribute value, for the other WorkSpaces instances provisioned in the current region.
Step 06: Switch to the other AWS regions and repeat the audit process above.
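
The same 30-day check can be applied to every WorkSpace in a region at once. The Python below is an added example, not part of the original rule: it assumes input in the JSON shape returned by `aws workspaces describe-workspaces-connection-status`, and that its LastKnownUserConnectionTimestamp field corresponds to the console's User Last Active value. The WorkSpace IDs and the audit date are constructed sample values.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape returned by
# `aws workspaces describe-workspaces-connection-status --output json`.
SAMPLE = json.loads("""
{"WorkspacesConnectionStatus": [
  {"WorkspaceId": "ws-example0001", "ConnectionState": "DISCONNECTED",
   "LastKnownUserConnectionTimestamp": "2017-02-16T10:32:54+00:00"},
  {"WorkspaceId": "ws-example0002", "ConnectionState": "CONNECTED",
   "LastKnownUserConnectionTimestamp": "2017-04-28T08:00:00+00:00"},
  {"WorkspaceId": "ws-example0003", "ConnectionState": "DISCONNECTED"},
  {"WorkspaceId": "ws-example0004", "ConnectionState": "DISCONNECTED",
   "LastKnownUserConnectionTimestamp": 1487241174.0}
]}
""")

def parse_ts(value):
    """Accept ISO 8601 strings or epoch seconds; return an aware UTC datetime."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def find_unused(status, now, max_idle_days=30):
    """Return [(workspace_id, last_seen_or_None)] for WorkSpaces with no
    known user connection inside the window, oldest first."""
    cutoff = now - timedelta(days=max_idle_days)
    unused = []
    for item in status.get("WorkspacesConnectionStatus", []):
        raw = item.get("LastKnownUserConnectionTimestamp")
        last_seen = parse_ts(raw) if raw is not None else None
        # A WorkSpace that has never been connected to also counts as unused.
        if last_seen is None or last_seen < cutoff:
            unused.append((item["WorkspaceId"], last_seen))
    epoch = datetime.min.replace(tzinfo=timezone.utc)
    return sorted(unused, key=lambda pair: pair[1] or epoch)

if __name__ == "__main__":
    audit_time = datetime(2017, 5, 1, tzinfo=timezone.utc)  # constructed "now"
    for ws_id, seen in find_unused(SAMPLE, audit_time):
        print(ws_id, seen.isoformat() if seen else "never connected")
```

The connection-status API is regional, so the input has to be collected once per region, as in Step 06.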