Elastic File System should be configured to encrypt data at-rest using AWS KMS
Identifier
efs-enable-at-rest-encryption
Category
Protect > Data protection > Encryption of data at rest
Description
This control checks whether an Amazon Elastic File System (EFS) is encrypted at rest, by verifying that the encrypted attribute is set to true and set kms_key_id in the Terraform configuration for the aws_efs_file_system resource.
Non Compliant Example
| Terraform | |
|---|---|
Remediation
To fix this violation, enable encryption at rest by setting the encrypted attribute to true and set kms_key_id in your Terraform configuration:
| Terraform | |
|---|---|