Ensure that your Amazon EFS file systems are encrypted

Enable encryption of your EFS file systems in order to protect your data and metadata from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.

Risk Level: High
Cloud Entity: Amazon Elastic File System (EFS)
CloudGuard Rule ID: D9.CFT.CRY.05
Covered by Spectral: Yes
Category: Storage


AWS_EFS_FileSystem should have Encrypted=true


From CFT
Set AWS::EFS::FileSystem Encrypted property to be true


  1. https://docs.aws.amazon.com/efs/latest/ug/encryption.html

Amazon Elastic File System (EFS)

Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

Compliance Frameworks

  • AWS CloudFormation ruleset