EFS file systems should have encryption at rest enabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This check ensures that Amazon Elastic File System (EFS) file systems have encryption at rest enabled. Enabling encryption at rest helps protect data stored in EFS by encrypting the file system content using AWS Key Management Service (KMS). This minimizes the risk of unauthorized access to sensitive data and aligns with best practices for data security.

Remediation

To enable encryption at rest for a new EFS file system, refer to the Amazon EFS User Guide on Data Encryption. It’s recommended to configure encryption during the creation of an EFS file system, as encryption at rest cannot be enabled after the file system has been created.

For existing EFS file systems that are not encrypted, consider migrating data to a new, encrypted file system. For detailed instructions on how to perform such migrations, refer to the EFS documentation on migrating data to encrypted file systems.