Skip to main content

Root and User Workspaces volumes should be encrypted

  • GG_ID: GG_IAC_0067
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True


Amazon WorkSpaces is a fully managed desktop virtualization service for Windows and Linux that enables you to access resources from any supported device.

The storage volumes should always be encrypted to protect the data if accesses are compromised.


Not encrypting data could lead to data leak in case of an attack.

Remediation guidelines#

Enable encryption for Root and User volummes from the WorkSpaces console, providing a KMS key.

External documentation#