enable-disk-encryption

Explanation

Workspace volumes for both user and root should be encrypted to protect the data stored on them.

Possible Impact

If a volume is compromised, the data on it can be read freely.

Suggested Resolution

Root and user volume encryption should be enabled

Insecure Example

The following example will fail the AVD-AWS-0109 check.

---
Resources:
  BadExample:
    Type: AWS::WorkSpaces::Workspace
    Properties: 
      RootVolumeEncryptionEnabled: false
      UserVolumeEncryptionEnabled: false
      UserName: "admin"

Secure Example

The following example will pass the AVD-AWS-0109 check.

---
Resources:
  GoodExample:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      RootVolumeEncryptionEnabled: true
      UserVolumeEncryptionEnabled: true
      UserName: "admin"
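
The same rule can be applied to a parsed template before deployment. The sketch below is an added example, not the scanner's own code: the function names are hypothetical, it treats an omitted property as encryption off (an assumption), and it reports intrinsic functions such as `Ref` as unresolved because their value cannot be decided statically. The sample input is constructed: the two resources above in JSON form, plus two edge cases.

```python
import json

WORKSPACE_TYPE = "AWS::WorkSpaces::Workspace"
VOLUME_PROPS = ("RootVolumeEncryptionEnabled", "UserVolumeEncryptionEnabled")


def classify(value):
    """Return 'enabled', 'disabled' or 'unresolved' for one property value."""
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return "enabled"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): not decidable statically.
        return "unresolved"
    # False, "false", any other literal, or None (property omitted).
    # Assumption of this sketch: an omitted property means encryption is off.
    return "disabled"


def find_unencrypted_workspaces(template):
    """List (logical_id, property, state) for each volume not provably encrypted."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != WORKSPACE_TYPE:
            continue
        props = resource.get("Properties") or {}
        for name in VOLUME_PROPS:
            state = classify(props.get(name))
            if state != "enabled":
                findings.append((logical_id, name, state))
    return findings


# Constructed sample: the page's two examples as JSON, plus two edge cases.
SAMPLE = json.loads("""
{"Resources": {
  "BadExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": false, "UserVolumeEncryptionEnabled": false, "UserName": "admin"}},
  "GoodExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": true, "UserVolumeEncryptionEnabled": true, "UserName": "admin"}},
  "OmittedExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": true, "UserName": "admin"}},
  "ParamExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": {"Ref": "EncryptRoot"}, "UserVolumeEncryptionEnabled": "true", "UserName": "admin"}}
}}
""")

if __name__ == "__main__":
    for logical_id, name, state in find_unencrypted_workspaces(SAMPLE):
        print(f"{logical_id}: {name} is {state}")
```

A YAML template loaded into a dict by any YAML parser can be passed to `find_unencrypted_workspaces` unchanged.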