PlatformResourcesSign inSign Up

Ensure that Workspace root volumes are encrypted

Error: Workspace root volumes are not encrypted

Bridgecrew Policy ID: BC_AWS_GENERAL_84
Checkov Check ID: CKV_AWS_156
Severity: MEDIUM

Suggest Edits

Workspace root volumes are not encrypted

Description

Encrypting your Workspace root volumes helps protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your volumes. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.

Fix - Buildtime

Terraform

  • Resource: aws_workspaces_workspace
  • Argument: root_volume_encryption_enabled 
resource "aws_workspaces_workspace" "pass" {
    ...
+ root_volume_encryption_enabled = true
    ...
}

CloudFormation

  • Resource: AWS::WorkSpaces::Workspace
  • Argument: Properties.RootVolumeEncryptionEnabled 
Type: AWS::WorkSpaces::Workspace
    ...
  Properties: 
    ...
+   RootVolumeEncryptionEnabled: true

Updated about 1 month ago