EFS file systems should have encryption at rest enabled

efs
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This check ensures that Amazon Elastic File System (EFS) file systems have encryption at rest enabled. Enabling encryption at rest helps protect data stored in EFS by encrypting the file system content using AWS Key Management Service (KMS). This minimizes the risk of unauthorized access to sensitive data and aligns with best practices for data security.

Remediation

To enable encryption at rest for a new EFS file system, refer to the Amazon EFS User Guide on Data Encryption. It’s recommended to configure encryption during the creation of an EFS file system, as encryption at rest cannot be enabled after the file system has been created.

For existing EFS file systems that are not encrypted, consider migrating data to a new, encrypted file system. For detailed instructions on how to perform such migrations, refer to the EFS documentation on migrating data to encrypted file systems.