Ensure that your Amazon EFS file systems are encrypted in order to meet security and compliance requirements. Data is transparently encrypted as it is written to the file system and transparently decrypted as it is read, so encryption requires no additional action from you or your application. Encryption keys are managed by the AWS KMS service, eliminating the need to build and maintain a secure key management infrastructure.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Cloud Conformity strongly recommends encrypting your EFS file systems to protect your data and metadata from unauthorized access and to fulfill your organization's compliance requirements for data-at-rest encryption.
To determine the encryption status of your Amazon EFS file systems, perform the following:
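One way to run this check programmatically, as an added example that is not part of the original page or of the Cloud Conformity tool: it reads the `Encrypted` and `KmsKeyId` fields of EFS `DescribeFileSystems` responses and follows `NextMarker` pagination. The sample pages, file system IDs and the `--live` switch are constructed for illustration; the live path assumes boto3 and configured credentials.

```python
import sys


def iter_file_systems(describe_page):
    """Yield every file system; describe_page(marker) returns one response page."""
    marker = None  # None requests the first page
    while True:
        page = describe_page(marker)
        yield from page.get("FileSystems", [])
        marker = page.get("NextMarker")
        if not marker:
            return


def audit_encryption(describe_page):
    """Return (encrypted, unencrypted) lists of per-file-system findings."""
    encrypted, unencrypted = [], []
    for fs in iter_file_systems(describe_page):
        finding = {"id": fs["FileSystemId"], "name": fs.get("Name", ""),
                   "kms_key": fs.get("KmsKeyId")}
        # A missing Encrypted field is treated as unencrypted (fail closed).
        (encrypted if fs.get("Encrypted") is True else unencrypted).append(finding)
    return encrypted, unencrypted


# Constructed sample responses (two pages), not output from a real account.
SAMPLE_PAGES = {
    None: {"FileSystems": [
        {"FileSystemId": "fs-0000aaaa", "Name": "app-data", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"FileSystemId": "fs-0000bbbb", "Name": "legacy-share", "Encrypted": False},
    ], "NextMarker": "page-2"},
    "page-2": {"FileSystems": [{"FileSystemId": "fs-0000cccc", "Encrypted": False}]},
}

if __name__ == "__main__":
    if "--live" in sys.argv:  # query the account in the default region
        import boto3  # assumption: boto3 installed and credentials configured
        efs = boto3.client("efs")
        fetch = lambda m: efs.describe_file_systems(**({"Marker": m} if m else {}))
    else:
        fetch = SAMPLE_PAGES.__getitem__
    ok, bad = audit_encryption(fetch)
    for f in bad:
        print(f"UNENCRYPTED {f['id']} {f['name']}")
    print(f"{len(ok)} encrypted, {len(bad)} unencrypted")
    sys.exit(1 if bad else 0)
```

The non-zero exit status when any file system is unencrypted lets the script act as a gate in a scheduled job or pipeline.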
To encrypt an existing AWS EFS file system, you must copy the data from the existing file system onto a new one that has the encryption feature enabled. To set up the new EFS file system, enable encryption, and copy your existing data to it, perform the following: