Severity: HIGH
Source: Trivy
ID: AVD-AWS-0109

Root and user volumes on Workspaces should be encrypted

Workspace volumes for both user and root should be encrypted to protect the data stored on them.

Impact

If a volume is compromised, the data stored on it can be read freely.

Follow the appropriate remediation steps below to resolve the issue.

Root and user volume encryption should be enabled (CloudFormation)

Resources:
  GoodExample:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      RootVolumeEncryptionEnabled: true
      UserVolumeEncryptionEnabled: true
      UserName: "admin"

{
  "Resources": {
    "GoodExample": {
      "Type": "AWS::WorkSpaces::Workspace",
      "Properties": {
        "RootVolumeEncryptionEnabled": true,
        "UserVolumeEncryptionEnabled": true,
        "UserName": "admin"
      }
    }
  }
}
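The following is an added example, not Trivy's own rule implementation: a small checker that reports every AWS::WorkSpaces::Workspace resource in a CloudFormation template (JSON form) whose root or user volume encryption flag is missing or not set to true, which is the condition AVD-AWS-0109 flags. The template inside it is constructed for the example; GoodExample matches the remediation above.

```python
import json

WORKSPACE_TYPE = "AWS::WorkSpaces::Workspace"
VOLUME_FLAGS = ("RootVolumeEncryptionEnabled", "UserVolumeEncryptionEnabled")


def find_unencrypted_workspaces(template: dict) -> list[str]:
    """Return 'LogicalId.Property' for each volume-encryption flag that is
    absent or not the boolean true on a WorkSpaces resource. An absent flag
    is a finding because the property is optional and volumes are not
    encrypted unless it is explicitly enabled."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != WORKSPACE_TYPE:
            continue
        props = resource.get("Properties") or {}
        for flag in VOLUME_FLAGS:
            if props.get(flag) is not True:
                findings.append(f"{logical_id}.{flag}")
    return findings


# Constructed sample template: GoodExample is the remediated resource from
# this page; BadExample sets one flag to false and omits the other.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodExample": {
      "Type": "AWS::WorkSpaces::Workspace",
      "Properties": {
        "RootVolumeEncryptionEnabled": true,
        "UserVolumeEncryptionEnabled": true,
        "UserName": "admin"
      }
    },
    "BadExample": {
      "Type": "AWS::WorkSpaces::Workspace",
      "Properties": {
        "RootVolumeEncryptionEnabled": false,
        "UserName": "admin"
      }
    },
    "Unrelated": {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for finding in find_unencrypted_workspaces(SAMPLE_TEMPLATE):
        print(f"AVD-AWS-0109: {finding} is not enabled")
```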

Root and user volume encryption should be enabled (Terraform)

resource "aws_workspaces_workspace" "good_example" {
  directory_id                   = aws_workspaces_directory.test.id
  bundle_id                      = data.aws_workspaces_bundle.value_windows_10.id
  user_name                      = "Administrator"
  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true

  workspace_properties {
    compute_type_name                         = "VALUE"
    user_volume_size_gib                      = 10
    root_volume_size_gib                      = 80
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
}