enable-disk-encryption
Explanation
Workspace volumes for both user and root should be encrypted to protect the data stored on them.
Possible Impact
Data on the volumes can be freely read if they are compromised.
Suggested Resolution
Root and user volume encryption should both be enabled.
Insecure Example
The following example will fail the AVD-AWS-0109 check.
---
Resources:
  BadExample:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      RootVolumeEncryptionEnabled: false
      UserVolumeEncryptionEnabled: false
      UserName: "admin"
Secure Example
The following example will pass the AVD-AWS-0109 check.
---
Resources:
  GoodExample:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      RootVolumeEncryptionEnabled: true
      UserVolumeEncryptionEnabled: true
      UserName: "admin"
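
The two examples above only cover explicit true/false values. The following added example (not part of the original page and not the scanner's own implementation of AVD-AWS-0109) audits a CloudFormation template in JSON form and also handles an omitted flag, a string boolean and an intrinsic function. The resource names OmittedRoot and Parameterised, the parameter EncryptRoot and the choice to treat an omitted flag as unencrypted are assumptions made for illustration.

```python
import json

# Constructed CloudFormation template (JSON form); resource names are illustrative.
TEMPLATE = json.loads("""
{"Resources": {
  "BadExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": false, "UserVolumeEncryptionEnabled": false}},
  "GoodExample": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": true, "UserVolumeEncryptionEnabled": true}},
  "OmittedRoot": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "UserVolumeEncryptionEnabled": "true"}},
  "Parameterised": {"Type": "AWS::WorkSpaces::Workspace", "Properties": {
    "RootVolumeEncryptionEnabled": {"Ref": "EncryptRoot"}, "UserVolumeEncryptionEnabled": true}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")

FLAGS = ("RootVolumeEncryptionEnabled", "UserVolumeEncryptionEnabled")

def flag_state(value):
    """Classify one property value as 'enabled', 'disabled' or 'unresolved'."""
    if isinstance(value, bool):
        return "enabled" if value else "disabled"
    if isinstance(value, str) and value.lower() in ("true", "false"):
        # String booleans are normalised rather than rejected.
        return "enabled" if value.lower() == "true" else "disabled"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): cannot be decided statically.
        return "unresolved"
    # Assumption: an omitted flag (None) or unexpected type means not encrypted.
    return "disabled"

def check_workspaces(template):
    """Return (resource, flag, state) for every flag that is not provably enabled."""
    findings = []
    for name, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::WorkSpaces::Workspace":
            continue
        props = res.get("Properties") or {}
        for flag in FLAGS:
            state = flag_state(props.get(flag))
            if state != "enabled":
                findings.append((name, flag, state))
    return findings

if __name__ == "__main__":
    for name, flag, state in check_workspaces(TEMPLATE):
        print(f"{name}: {flag} is {state}")
```

An "unresolved" finding means the value depends on a parameter or condition and should be reviewed against the values actually deployed.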