ECS services must have volume encryption for mounted EFS volumes

ecs
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

ECS services that mount EFS volumes should ensure that all mounted EFS file systems have encryption enabled to protect data at rest.

Remediation

Enable encryption on all EFS file systems mounted by ECS services by setting the encrypted parameter to true when creating the EFS file system, and optionally specify a KMS key for encryption. Refer to the Encryption best practices for Amazon ECS.