Control: WorkSpaces user volumes should be encrypted at rest
Description
This control checks whether a user volume in an Amazon WorkSpaces WorkSpace is encrypted at rest. The control fails if the WorkSpace user volume isn't encrypted at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.workspaces_workspace_user_volume_encryption_enabled
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.workspaces_workspace_user_volume_encryption_enabled --share
SQL
This control uses a named query:
select arn as resource, case when user_volume_encryption_enabled then 'ok' else 'alarm' end as status, case when user_volume_encryption_enabled then title || ' user volume encryption enabled.' else title || ' user volume encryption disabled.' end as reason , region, account_idfrom aws_workspaces_workspace;