Remediation
Enable EBS Volume Encryptionβ
Amazon WorkSpaces does not support enabling encryption on existing WorkSpaces. To remediate this finding, you must recreate the affected WorkSpace with EBS volume encryption enabled.
From Consoleβ
-
Open the Amazon WorkSpaces console.
-
Choose Create WorkSpaces and complete the first three setup steps.
-
On the Customization step:
-
Select Encrypt root volume and Encrypt user volume.
-
For Encryption Key, select a customer-managed KMS key that you created
Note: The selected KMS key must be symmetric, as Amazon WorkSpaces does not support asymmetric KMS keys.
-
-
Choose Create WOrkSpace to finish the WorkSpaces creation process.