Description:
This policy ensures that default Internet Access is unchecked for Amazon AppStream fleet streaming instances. This helps to mitigate the risk of unauthorized access to the internet from these instances.
Rationale:
By default, Amazon AppStream fleet streaming instances have default Internet Access enabled. This means that users can access the internet from these instances without any restrictions. However, this can also pose a security risk, as it allows users to access malicious websites or download malware.
Impact:
If default Internet Access is enabled for Amazon AppStream fleet streaming instances, users could potentially access malicious websites or download malware. This could lead to data breaches or other security incidents.
Default Value:
The default value for default Internet Access is unchecked. This means that users cannot access the internet from Amazon AppStream fleet streaming instances by default.
Pre-requisites:
- Access to the AWS Management Console or the AWS CLI
- The ability to manage Amazon AppStream fleets
Remediation Steps:
- Open the AWS Management Console or the AWS CLI.
- Go to the Amazon AppStream console.
- Click on Fleets.
- Select the fleet that you want to change the default Internet Access setting for.
- Click on the Edit button.
- In the Network section, uncheck the Default Internet Access checkbox.
- Click on the Save button.
Test Plan:
- Verify that the default Internet Access setting is unchecked for the fleet.
- Try to access a website from one of the streaming instances in the fleet.
- Verify that you are unable to access the website.
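The first Test Plan step can be checked for every fleet at once. The following is an added example, not code from the original page or from AWS: it audits the JSON printed by `aws appstream describe-fleets`. The fleet names in the sample are constructed, and the `stop_first` flag follows the UpdateFleet API documentation, which accepts network changes only on a stopped fleet.

```python
import json
import shlex
import sys


def audit_fleets(response):
    """Return findings for fleets whose default internet access is not confirmed off.

    `response` is the parsed JSON printed by `aws appstream describe-fleets`.
    """
    findings = []
    for fleet in response.get("Fleets", []):
        setting = fleet.get("EnableDefaultInternetAccess")
        if setting is False:
            continue  # compliant: the checkbox is unchecked
        name = fleet.get("Name", "<unknown>")
        state = fleet.get("State", "UNKNOWN")
        findings.append({
            "fleet": name,
            # Fail closed: a missing field is reported, not assumed compliant.
            "status": "ENABLED" if setting is True else "UNKNOWN",
            "state": state,
            # Network settings can only be changed while the fleet is stopped.
            "stop_first": state != "STOPPED",
            "fix": f"aws appstream update-fleet --name {shlex.quote(name)} "
                   "--no-enable-default-internet-access",
        })
    return findings


# Constructed sample shaped like describe-fleets output (not real fleets).
SAMPLE = json.loads("""
{"Fleets": [
  {"Name": "finance-apps", "State": "RUNNING", "EnableDefaultInternetAccess": true},
  {"Name": "design-tools", "State": "STOPPED", "EnableDefaultInternetAccess": false},
  {"Name": "legacy-fleet", "State": "STOPPED"}
]}
""")

if __name__ == "__main__":
    # Pass "-" to audit real CLI output from stdin; otherwise use the sample.
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    results = audit_fleets(data)
    for f in results:
        note = " (stop the fleet before updating)" if f["stop_first"] else ""
        print(f'{f["fleet"]}: {f["status"]}{note}\n  {f["fix"]}')
    sys.exit(1 if results else 0)  # non-zero exit lets a CI job fail on findings
```

To audit a live account, pipe `aws appstream describe-fleets --output json` into the script with `-` as its only argument.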
Implementation Plan:
- Follow the remediation steps above to implement the policy.
- Test the policy to make sure that it is working as expected.
AWS CLI Process:
To implement the policy using the AWS CLI, you can use the following command:
aws appstream update-fleet --name <fleet-name> --no-enable-default-internet-access
Using AWS GUI:
To implement the policy using the AWS GUI, you can follow these steps:
- Go to the AWS Management Console.
- Click on the Amazon AppStream tab.
- Click on Fleets.
- Select the fleet that you want to change the default Internet Access setting for.
- Click on the Edit button.
- In the Network section, uncheck the Default Internet Access checkbox.
- Click on the Save button.
Backout Plan:
To revoke the policy, you can use the following command:
aws appstream update-fleet --name <fleet-name> --enable-default-internet-access
Note:
- This policy only applies to Amazon AppStream fleet streaming instances.
- If you have any questions about this policy, please contact your AWS administrator.
Reference:
- Amazon AppStream 2.0 documentation: https://docs.aws.amazon.com/appstream2/latest/developerguide/