Root and user volumes on Workspaces should be encrypted
Workspace volumes for both user and root should be encrypted to protect the data stored on them.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Root and user volume encryption should be enabled
1
2
3
4
5
6
7
|
Resources:
GoodExample:
Type: AWS::WorkSpaces::Workspace
Properties:
RootVolumeEncryptionEnabled: true
UserName: admin
UserVolumeEncryptionEnabled: true
|
1
2
3
4
5
6
7
|
Resources:
GoodExample:
Type: AWS::WorkSpaces::Workspace
Properties:
RootVolumeEncryptionEnabled: true
UserName: admin
UserVolumeEncryptionEnabled: true
|
Root and user volume encryption should be enabled
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
resource "aws_workspaces_workspace" "good_example" {
directory_id = aws_workspaces_directory.test.id
bundle_id = data.aws_workspaces_bundle.value_windows_10.id
user_name = "Administrator"
root_volume_encryption_enabled = true
user_volume_encryption_enabled = true
workspace_properties {
compute_type_name = "VALUE"
user_volume_size_gib = 10
root_volume_size_gib = 80
running_mode = "AUTO_STOP"
running_mode_auto_stop_timeout_in_minutes = 60
}
}
|
Links