Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements. Your data is transparently encrypted while being written and transparently decrypted while being read from your storage volumes, therefore the encryption process does not require any additional action from you, your WorkSpaces instance or your application. Encryption keys are managed by AWS KMS service, eliminating the need to build and maintain a secure key management infrastructure.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When working with production data it is highly recommended to implement encryption in order to protect this data from unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.
To determine your WorkSpaces storage volumes encryption status, perform the following:
To encrypt existing AWS WorkSpaces data you must re-create the necessary WorkSpaces instances with the volumes encryption feature enabled. To relaunch these instances, perform the following:Note: Relaunching Amazon WorkSpaces instances from custom images and bundles using AWS Command Line Interface (CLI) is not currently supported.