Workspaces can be encrypted with the AWS Key Management Service (KMS) keys so that when launched, they secure data stored at rest. Root and User volumes can both be encrypted, and FIPS is supported. For more information, see the AWS Workspaces documentation.
References:
https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html
In AWS Console -
In Terraform -
References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/workspaces_workspace