[EFS.1]
Amazon EFS should be configured to encrypt file data at rest using AWS KMS
Description
Amazon Elastic File System (EFS) should be configured to encrypt file data at rest. Encrypting file data with AWS KMS (Key Management Service) makes it more secure. To make this rule COMPLIANT, you must configure EFS to use KMS data encryption.
Details
Property | Value |
---|---|
Category | Protect > Data protection > Encryption of data at rest |
Compliance Control ID | EFS.1 |
FortifyFox ID | FF100026 |
Link | EFS.1 Compliance |
Resource Type(s) | AWS::EFS::FileSystem |
Severity | Medium |
Remediation
Use one of the following CloudFormation templates to deploy an Amazon EFS file system with encryption configured, compliant with EFS.1.
YAML Template
```yaml
Resources:
  efs:
    Type: AWS::EFS::FileSystem
    Properties:
      Encrypted: true
```
JSON Template
```json
{
  "Resources": {
    "efs": {
      "Type": "AWS::EFS::FileSystem",
      "Properties": {
        "Encrypted": true
      }
    }
  }
}
```
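To check templates before deployment, the following added example (not FortifyFox's own code) scans a JSON CloudFormation template and reports, for each `AWS::EFS::FileSystem` resource, whether `Encrypted` is set as EFS.1 requires. The status labels `NON_COMPLIANT` and `NEEDS_REVIEW`, the function names, and the sample template are assumptions made for this example.

```python
import json

EFS_TYPE = "AWS::EFS::FileSystem"

def evaluate_encrypted(value):
    """Map an EFS resource's Encrypted property to a status label."""
    if value is True:
        return "COMPLIANT"
    if isinstance(value, str):
        # CloudFormation also accepts booleans written as strings.
        return "COMPLIANT" if value.strip().lower() == "true" else "NON_COMPLIANT"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): resolved only at deploy time.
        return "NEEDS_REVIEW"
    return "NON_COMPLIANT"  # false, omitted, or an unexpected type

def check_template(template_text):
    """Return {logical_id: status} for every EFS file system in a JSON template."""
    resources = json.loads(template_text).get("Resources") or {}
    findings = {}
    for logical_id, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("Type") != EFS_TYPE:
            continue
        props = resource.get("Properties") or {}
        findings[logical_id] = evaluate_encrypted(props.get("Encrypted"))
    return findings

# Constructed sample template; all logical IDs and the parameter are made up.
SAMPLE_TEMPLATE = """
{
  "Parameters": {"EncryptEfs": {"Type": "String", "Default": "true"}},
  "Resources": {
    "efs": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": true}},
    "efsString": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": "true"}},
    "efsOff": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": false}},
    "efsDefault": {"Type": "AWS::EFS::FileSystem"},
    "efsParam": {"Type": "AWS::EFS::FileSystem",
                 "Properties": {"Encrypted": {"Ref": "EncryptEfs"}}},
    "bucket": {"Type": "AWS::S3::Bucket"}
  }
}
"""

if __name__ == "__main__":
    for logical_id, status in check_template(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {status}")
```

A `NEEDS_REVIEW` result means the value depends on a parameter or condition, so the parameter defaults and the values passed at deploy time have to be checked separately.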