AWS Unused WorkSpaces

Rule Description

Rule Code: AWS-WS-01

Identify and remove any unused AWS WorkSpaces instances available within your AWS account.

An AWS WorkSpaces instance is considered unused if it has 0 known user connections registered within the past 30 days.

Audit / Verification

Step 01: Log in to the AWS Management Console.


Step 02: Navigate to the WorkSpaces dashboard and click WorkSpaces to access the service instances listing page.

Step 03: Choose the WorkSpaces instance that you want to examine, then click its Hide or Show Details button.

Step 04: In the configuration details panel, check the User Last Active attribute value:

  • If the last user login was registered more than 30 days ago (e.g. Feb 16, 2017 10:32:54 UTC), the selected WorkSpaces instance is not in use anymore and can be safely removed from your AWS account in order to stop accumulating unnecessary usage charges.

Step 05: Repeat steps 3 and 4 to verify the last user login, returned by the User Last Active attribute value, for the other WorkSpaces instances provisioned in the current region.

Step 06: Switch to the other AWS regions and repeat the audit process above.
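
The same 30-day check can be run over the JSON returned by `aws workspaces describe-workspaces-connection-status` for each region. The script below is an added example, not part of the original rule page. It assumes that the `LastKnownUserConnectionTimestamp` field corresponds to the console's User Last Active attribute, and all WorkSpace IDs and timestamps in it are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=30)  # the rule's 30-day window

def parse_ts(value):
    """AWS CLI v1 prints epoch seconds; CLI v2 prints ISO 8601 strings."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def unused_workspaces(status_doc, now):
    """Return [(workspace_id, days_idle)]; days_idle is None if never connected."""
    flagged = []
    for item in status_doc.get("WorkspacesConnectionStatus", []):
        last = item.get("LastKnownUserConnectionTimestamp")
        if last is None:
            # No connection on record. This also matches a freshly
            # provisioned WorkSpace, so check its age before removal.
            flagged.append((item["WorkspaceId"], None))
            continue
        idle = now - parse_ts(last)
        if idle > THRESHOLD:  # "more than 30 days ago"
            flagged.append((item["WorkspaceId"], idle.days))
    return flagged

# Constructed sample in the shape of the CLI output (not real data).
NOW = datetime(2017, 3, 30, tzinfo=timezone.utc)
SAMPLE = {"WorkspacesConnectionStatus": [
    {"WorkspaceId": "ws-example01", "ConnectionState": "DISCONNECTED",
     "LastKnownUserConnectionTimestamp": "2017-02-16T10:32:54+00:00"},
    {"WorkspaceId": "ws-example02", "ConnectionState": "CONNECTED",
     "LastKnownUserConnectionTimestamp": "2017-03-25T08:00:00+00:00"},
    {"WorkspaceId": "ws-example03", "ConnectionState": "DISCONNECTED"},
    {"WorkspaceId": "ws-example04", "ConnectionState": "DISCONNECTED",
     "LastKnownUserConnectionTimestamp": 1485907200.0},  # 2017-02-01 UTC
]}

if __name__ == "__main__":
    for ws_id, days in unused_workspaces(SAMPLE, NOW):
        print(ws_id, "never connected" if days is None else f"idle {days} days")
```

To audit a live account, load each region's saved CLI output with `json.load` and pass it in place of `SAMPLE`, with `datetime.now(timezone.utc)` as `now`.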