Workspace Without Encryption
- Query id: 89827c57-5a8a-49eb-9731-976a606d70db
- Query name: Workspace Without Encryption
- Platform: CloudFormation
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
Workspaces should have encryption enabled
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
Resources:
  MyWorkSpace:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      BundleId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - BundleId
      DirectoryId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - DirectoryId
      UserName: !Ref 'UserName'
Positive test num. 2 - yaml file
Resources:
  MyWorkSpace2:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      BundleId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - BundleId
      DirectoryId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - DirectoryId
      UserName: !Ref 'UserName'
      UserVolumeEncryptionEnabled: false
Positive test num. 3 - json file
{
  "Resources": {
    "MyWorkSpace": {
      "Type": "AWS::WorkSpaces::Workspace",
      "Properties": {
        "BundleId": [
          "WSTypeMap",
          "WorkstationType",
          "BundleId"
        ],
        "DirectoryId": [
          "WSTypeMap",
          "WorkstationType",
          "DirectoryId"
        ],
        "UserName": "UserName"
      }
    }
  }
}
Positive test num. 4 - json file
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
Resources:
  MyWorkSpace:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      BundleId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - BundleId
      DirectoryId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - DirectoryId
      UserName: !Ref 'UserName'
      UserVolumeEncryptionEnabled: true
Negative test num. 2 - yaml file
Resources:
  MyWorkSpace2:
    Type: AWS::WorkSpaces::Workspace
    Properties:
      BundleId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - BundleId
      DirectoryId: !FindInMap
        - WSTypeMap
        - !Ref 'WorkstationType'
        - DirectoryId
      UserName: !Ref 'UserName'
      UserVolumeEncryptionEnabled: 'true'
Negative test num. 3 - json file
{
  "Resources": {
    "MyWorkSpace": {
      "Type": "AWS::WorkSpaces::Workspace",
      "Properties": {
        "BundleId": [
          "WSTypeMap",
          "WorkstationType",
          "BundleId"
        ],
        "DirectoryId": [
          "WSTypeMap",
          "WorkstationType",
          "DirectoryId"
        ],
        "UserName": "UserName",
        "UserVolumeEncryptionEnabled": true
      }
    }
  }
}
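
The check these samples exercise, as an added Python example (not the KICS query itself, which this page does not show): it flags every AWS::WorkSpaces::Workspace resource whose UserVolumeEncryptionEnabled is missing or not true. It reads JSON templates only; the function names, the constructed sample template and the treatment of values other than true or 'true' are assumptions.

```python
import json

WORKSPACE_TYPE = "AWS::WorkSpaces::Workspace"
FLAG = "UserVolumeEncryptionEnabled"


def is_enabled(value):
    """True for boolean true or the string 'true' (both appear in the negative samples)."""
    if isinstance(value, bool):
        return value
    # Assumption: strings compare case-insensitively; any other value
    # (including an unresolved intrinsic function) counts as not enabled.
    return isinstance(value, str) and value.strip().lower() == "true"


def find_unencrypted_workspaces(template_text):
    """Return (logical_id, reason) for each WorkSpace lacking user-volume encryption."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != WORKSPACE_TYPE:
            continue
        props = resource.get("Properties") or {}
        if FLAG not in props:
            findings.append((logical_id, f"{FLAG} is not defined"))
        elif not is_enabled(props[FLAG]):
            findings.append((logical_id, f"{FLAG} is {props[FLAG]!r}"))
    return findings


# Constructed template combining the cases from the samples above.
SAMPLE = json.dumps({
    "Resources": {
        "Missing": {"Type": WORKSPACE_TYPE, "Properties": {"UserName": "UserName"}},
        "Disabled": {"Type": WORKSPACE_TYPE,
                     "Properties": {"UserName": "UserName", FLAG: False}},
        "EnabledBool": {"Type": WORKSPACE_TYPE,
                        "Properties": {"UserName": "UserName", FLAG: True}},
        "EnabledString": {"Type": WORKSPACE_TYPE,
                          "Properties": {"UserName": "UserName", FLAG: "true"}},
        "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
})

if __name__ == "__main__":
    for logical_id, reason in find_unencrypted_workspaces(SAMPLE):
        print(f"{logical_id}: {reason}")
```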