diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5268625..fb88268 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ## [[v9.?.?](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v9.0.0...HEAD)] - 2020-xx-xx]
 
 - Fix doc about spot instances, cluster-autoscaler should be scheduled on normal instances instead of spot (by @simowaer)
+- Adding `encrypted` option to worker's root_block_device as read from the worker configurations (by @craig-rueda)
 
 # History
 
diff --git a/workers.tf b/workers.tf
index 8d20bd8..4c1a6a0 100644
--- a/workers.tf
+++ b/workers.tf
@@ -185,6 +185,11 @@ resource "aws_launch_configuration" "workers" {
   )
 
   root_block_device {
+    encrypted = lookup(
+      var.worker_groups[count.index],
+      "root_encrypted",
+      local.workers_group_defaults["root_encrypted"],
+    )
     volume_size = lookup(
       var.worker_groups[count.index],
       "root_volume_size",