AWS Security ChangesHomeSearch

AWS workspaces medium security documentation change

Service: workspaces · 2026-02-25 · Security-related medium

File: workspaces/latest/adminguide/encrypt-workspaces.md

Summary

Expanded BitLocker guidance to warn about boot failures when encryption credentials are enabled on Windows volumes.

Security assessment

Added critical warning about system instability when combining WorkSpaces with volume encryption tools (passwords/pins/keys). This addresses potential denial-of-service vulnerabilities where misconfigured encryption could make systems unbootable. Concrete evidence: Explicit description of boot failure scenarios.

Diff

diff --git a/workspaces/latest/adminguide/encrypt-workspaces.md b/workspaces/latest/adminguide/encrypt-workspaces.md
index b6f53da0f..450091989 100644
--- a//workspaces/latest/adminguide/encrypt-workspaces.md
+++ b//workspaces/latest/adminguide/encrypt-workspaces.md
@@ -15 +15 @@ WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This ena
-  * BitLocker encryption is not supported for Amazon WorkSpaces.
+  * Windows BitLocker encryption is not supported for Amazon WorkSpaces. Amazon WorkSpaces will attempt to decrypt any volumes detected during boot on all Windows Operating Systems where applicable. Volumes can become unresponsive during boot process if any combination of passwords, pins, or startup keys are enabled for any volumes on the WorkSpace it can become unhealthy and unable to boot properly.