Remediation
Enable EBS Volume Encryptionβ
Amazon WorkSpaces does not support enabling encryption on existing WorkSpaces. To remediate this finding, recreate the affected WorkSpace with EBS volume encryption enabled.
From Consoleβ
- Open the Amazon WorkSpaces console.
- Choose Create WorkSpaces and complete the first three setup steps.
- On the Customization step:
- Select Encrypt root volume and Encrypt user volume.
- For Encryption Key, select a customer-managed KMS key.
Note: The selected KMS key must be symmetric, because Amazon WorkSpaces does not support asymmetric KMS keys.
- Choose Create WorkSpace to finish the WorkSpaces creation process.