AWS workspaces medium security documentation change
Summary
Expanded BitLocker guidance to warn about boot failures when encryption credentials are enabled on Windows volumes.
Security assessment
Added critical warning about system instability when combining WorkSpaces with volume encryption tools (passwords/pins/keys). This addresses potential denial-of-service vulnerabilities where misconfigured encryption could make systems unbootable. Concrete evidence: Explicit description of boot failure scenarios.
Diff
diff --git a/workspaces/latest/adminguide/encrypt-workspaces.md b/workspaces/latest/adminguide/encrypt-workspaces.md index b6f53da0f..450091989 100644 --- a//workspaces/latest/adminguide/encrypt-workspaces.md +++ b//workspaces/latest/adminguide/encrypt-workspaces.md @@ -15 +15 @@ WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This ena - * BitLocker encryption is not supported for Amazon WorkSpaces. + * Windows BitLocker encryption is not supported for Amazon WorkSpaces. Amazon WorkSpaces will attempt to decrypt any volumes detected during boot on all Windows Operating Systems where applicable. Volumes can become unresponsive during boot process if any combination of passwords, pins, or startup keys are enabled for any volumes on the WorkSpace it can become unhealthy and unable to boot properly.