ECS services must have volume encryption for mounted EFS volumes

ecs

Description

ECS services that mount EFS volumes should ensure that all mounted EFS file systems have encryption enabled to protect data at rest.

Remediation

Enable encryption on all EFS file systems mounted by ECS services by setting the encrypted parameter to true when creating the EFS file system, and optionally specify a KMS key for encryption. Refer to the Encryption best practices for Amazon ECS.