Best practice rules for Amazon Elastic File System (EFS)
- AWS KMS Customer Master Keys for EFS Encryption
Ensure EFS file systems are encrypted with KMS Customer Master Keys (CMKs) in order to have full control over data encryption and decryption.
- Disable Root Access for EFS File Systems
Prevent root access to your Amazon EFS file systems using AWS IAM policies.
- EFS Encryption Enabled
Ensure encryption is enabled for AWS EFS file systems to protect your data at rest.
- Enable Automatic Backups for Elastic File Systems
Ensure that Automatic Backups feature is enabled for your Amazon EFS file systems.
- Enable Lifecycle Management for AWS EFS File Systems
Ensure Amazon EFS file systems have Lifecycle Management feature enabled for cost optimization.
- Enforce Encryption for New Amazon EFS Resources using IAM Policies
Enforce encryption at rest for new Amazon EFS file systems using IAM identity-based policies.
- Enforce In-Transit Encryption
Enforce in-transit encryption for all NFS clients that are connecting to Amazon EFS file systems.