Ensure that Workspace user volumes are encrypted
Error: Workspace user volumes are not encrypted
Bridgecrew Policy ID: BC_AWS_GENERAL_83
Checkov Check ID: CKV_AWS_155
Severity: MEDIUM
Workspace user volumes are not encrypted
Description
Encrypting your Workspace user volumes helps protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your volumes. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.
Fix - Buildtime
Terraform
- Resource: aws_workspaces_workspace
- Argument: user_volume_encryption_enabled, volume_encryption_key
resource "aws_workspaces_workspace" "pass" {
...
+ user_volume_encryption_enabled = true
+ volume_encryption_key = var.volume_encryption_key
...
}
CloudFormation
- Resource: AWS::WorkSpaces::Workspace
- Argument: Properties.UserVolumeEncryptionEnabled
Type: AWS::WorkSpaces::Workspace
Properties:
...
+ UserVolumeEncryptionEnabled: true
Updated 9 months ago