AWS Config Rule: EFS Encrypted

EFS_ENCRYPTED_CHECK

Fernando Honig

Last Update setahun yang lalu

Description: Checks if Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if the encrypted key is set to false on DescribeFileSystems or if the KmsKeyId key on DescribeFileSystems does not match the KmsKeyId parameter.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

To resolve this manually, you need to migrate your data to a new encrypted filesystem.


Unfortunately, at the time of writing this document, there is no option to automatically migrate to an encrypted filesystem.


How to Resolve with StackZone 

You can resolve with StackZone by enabling the StackZone - Deny Mandatory Preventive Guardrail which by default doesn’t allow the creation of unencrypted filesystems in all the Organizational Units where this Guardrail is attached to.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us