🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: WorkSpaces root and user volume encryption should be enabled

Description

To help protect data at rest, ensure encryption is enabled for your WorkSpaces root and user volumes.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.workspaces_workspace_volume_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.workspaces_workspace_volume_encryption_enabled --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when user_volume_encryption_enabled and root_volume_encryption_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when user_volume_encryption_enabled and root_volume_encryption_enabled then title || ' user and root volume encryption enabled.'
    else
      case
        when not user_volume_encryption_enabled and not root_volume_encryption_enabled then title || ' user and root volume encryption disabled.'
        when not root_volume_encryption_enabled then title || ' root volume encryption disabled.'
        else  title || ' user volume encryption disabled.'
      end
  end as reason
  
  , region, account_id
from
  aws_workspaces_workspace;

Tags

category = Compliance
plugin = aws
service = AWS/WorkSpaces