EFS file systems should have encryption at rest enabled
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Description
This check ensures that Amazon Elastic File System (EFS) file systems have encryption at rest enabled. Enabling encryption at rest helps protect data stored in EFS by encrypting the file system content using AWS Key Management Service (KMS). This minimizes the risk of unauthorized access to sensitive data and aligns with best practices for data security.
To enable encryption at rest for a new EFS file system, refer to the Amazon EFS User Guide on Data Encryption. It’s recommended to configure encryption during the creation of an EFS file system, as encryption at rest cannot be enabled after the file system has been created.
For existing EFS file systems that are not encrypted, consider migrating data to a new, encrypted file system. For detailed instructions on how to perform such migrations, refer to the EFS documentation on migrating data to encrypted file systems.
