Description
This policy identifies AWS WorkSpaces where EBS volume encryption is not enabled for either the root volume (OS) or the user volume (Data).
Rationale
Amazon WorkSpaces store user profiles, documents, and application data. Enabling encryption at rest ensures that data remains unreadable if the underlying storage media is compromised or accessed without authorization. This is a critical control for protecting end-user computing environments.
Audit
This policy flags an Amazon WorkSpace as INCOMPLIANT if Root Volume Encryption Enabled or User Volume Encryption Enabled is not set to true.
WorkSpaces in the AVAILABLE State are marked as INAPPLICABLE.
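The audit rule above, applied to the output of `aws workspaces describe-workspaces`, as an added example (not the policy's own code). The sample records and function names are constructed for illustration, and the `COMPLIANT` label for a passing WorkSpace is an assumption, since the page names only INCOMPLIANT and INAPPLICABLE.

```python
import json

# Constructed sample shaped like `aws workspaces describe-workspaces` output.
# The API can omit an encryption flag entirely; that must not count as "true".
SAMPLE = json.loads("""
{"Workspaces": [
  {"WorkspaceId": "ws-constructed01", "State": "STOPPED",
   "RootVolumeEncryptionEnabled": true, "UserVolumeEncryptionEnabled": true},
  {"WorkspaceId": "ws-constructed02", "State": "STOPPED",
   "RootVolumeEncryptionEnabled": true},
  {"WorkspaceId": "ws-constructed03", "State": "AVAILABLE"},
  {"WorkspaceId": "ws-constructed04", "State": "STOPPED",
   "RootVolumeEncryptionEnabled": false, "UserVolumeEncryptionEnabled": true}
]}
""")

ENCRYPTION_FLAGS = ("RootVolumeEncryptionEnabled", "UserVolumeEncryptionEnabled")
# States reported as INAPPLICABLE, taken as stated in the Audit text above.
INAPPLICABLE_STATES = frozenset({"AVAILABLE"})


def evaluate_workspace(ws, inapplicable_states=INAPPLICABLE_STATES):
    """Return (status, flags_not_true) for one WorkSpace record."""
    if ws.get("State") in inapplicable_states:
        return "INAPPLICABLE", []
    # Strict check: only a JSON boolean true passes; absent, false, or the
    # string "true" are all treated as not encrypted.
    not_true = [f for f in ENCRYPTION_FLAGS if ws.get(f) is not True]
    # "COMPLIANT" is an assumed label for the passing case.
    return ("INCOMPLIANT" if not_true else "COMPLIANT"), not_true


def audit(describe_output):
    """Map WorkspaceId -> (status, flags_not_true) for a describe-workspaces result."""
    return {
        ws["WorkspaceId"]: evaluate_workspace(ws)
        for ws in describe_output.get("Workspaces", [])
    }


if __name__ == "__main__":
    for workspace_id, (status, flags) in audit(SAMPLE).items():
        detail = f" (not true: {', '.join(flags)})" if flags else ""
        print(f"{workspace_id}: {status}{detail}")
```
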