Updated on 2026-05-25 GMT+08:00

System Agencies

Workspace depends on various cloud service resources, such as compute, network, and storage resources. Therefore, Workspace automatically requests permissions to access those resources in the region where you run your desktops. The actual permissions may vary.

After you agree to the authorization, the agencies listed below will be created in IAM.

Table 1 Agency description

Agency Name

Action

Type

Description

ServiceLinkedAgencyForWorkspace

WorkspaceServiceLinkedAgencyPolicy

System-defined identity policy

Service-linked agency of Workspace: permissions required by services on which desktop auto scaling, gateway capacity expansion, and message notifications depend.

workspace_admin_trust

Workspace AgencyPolicy

System-defined policy

Service agency of Workspace: permissions required by services on which desktop auto scaling, gateway capacity expansion, and message notifications depend.

workspace_trust_for_obs

Workspace AccessOBSPolicy

System-defined policy

Workspace screen recording audit agency: permissions required by OBS to upload, obtain, and delete screen recording files.

workspace_trust_for_cloudstorage

Workspace CloudStorageAgency

System-defined policy

Cloud storage agency: permissions required by services on which cloud storage service access depends.

  1. ServiceLinkedAgencyForWorkspace is used for authorization in the new IAM version, and workspace_trust_admin is used for authorization in the old IAM version. They have the same functions.
  2. Workspace depends on other cloud services. It may fail to run as expected if the required permissions are not assigned. Therefore, do not delete or modify the agencies above when using Workspace.
  3. Ensure that your account has the iam:agencies:createServiceLinkedAgencyV5 permission.