AWS Config Rule: EFS Encrypted

EFS_ENCRYPTED_CHECK

Fernando Honig

Last Update: two months ago

Description: Checks if Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if the encrypted key is set to false on DescribeFileSystems or if the KmsKeyId key on DescribeFileSystems does not match the KmsKeyId parameter.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

To resolve this manually, you need to migrate your data to a new encrypted filesystem.


Unfortunately, at the time of writing this document, there is no option to automatically migrate to an encrypted filesystem.
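To find which file systems need that migration, the check from the Description can be reproduced over DescribeFileSystems output. The following is an added example, not StackZone or AWS code: the sample response is constructed, the function names are hypothetical, and accepting either a full key ARN or a bare key ID for the KmsKeyId parameter is an assumption of this example.

```python
# Added example, not StackZone or AWS code. SAMPLE_RESPONSE is constructed:
# file system IDs, account number and key IDs are placeholders.
KEY_A = "arn:aws:kms:eu-west-1:111122223333:key/11111111-aaaa-4bbb-8ccc-000000000001"
KEY_B = "arn:aws:kms:eu-west-1:111122223333:key/22222222-aaaa-4bbb-8ccc-000000000002"

SAMPLE_RESPONSE = {"FileSystems": [
    {"FileSystemId": "fs-0aaa0001", "Encrypted": True, "KmsKeyId": KEY_A},
    {"FileSystemId": "fs-0aaa0002", "Encrypted": False},
    {"FileSystemId": "fs-0aaa0003", "Encrypted": True, "KmsKeyId": KEY_B},
]}


def key_matches(actual, expected):
    """Assumption: the expected key may be given as a full ARN or a bare key ID."""
    if actual == expected:
        return True
    return not expected.startswith("arn:") and actual.rsplit("/", 1)[-1] == expected


def evaluate(file_systems, expected_kms_key_id=None):
    """Return {FileSystemId: (compliance, reason)} following the rule description."""
    results = {}
    for fs in file_systems:
        if not fs.get("Encrypted", False):
            verdict = ("NON_COMPLIANT", "Encrypted is false")
        elif expected_kms_key_id and not key_matches(fs.get("KmsKeyId", ""), expected_kms_key_id):
            verdict = ("NON_COMPLIANT", "KmsKeyId does not match the KmsKeyId parameter")
        else:
            verdict = ("COMPLIANT", "encrypted with an accepted key")
        results[fs["FileSystemId"]] = verdict
    return results


def needs_migration(results):
    """File systems whose data must be moved to a new encrypted file system."""
    return sorted(fs_id for fs_id, (status, _) in results.items() if status == "NON_COMPLIANT")


if __name__ == "__main__":
    for fs_id, (status, reason) in evaluate(SAMPLE_RESPONSE["FileSystems"], KEY_A).items():
        print(f"{fs_id}: {status} ({reason})")
```

For live data, the same list can be taken from the `FileSystems` key returned by boto3's `describe_file_systems` call on the `efs` client.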


How to Resolve with StackZone 

You can resolve this with StackZone by enabling the StackZone - Deny Mandatory Preventive Guardrail, which by default doesn’t allow the creation of unencrypted filesystems in any Organizational Unit the Guardrail is attached to.

