
Not encrypting EFS mount can lead to data leak

  • GG_ID: GG_IAC_0042
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

Amazon Elastic Container Service (Amazon ECS) is a container management service in which task definitions are used to run an individual task, or a task within a service.

Amazon EFS file systems are volumes that can be mounted into a container. When in-transit encryption is not enabled for an EFS mount, the data in transit can be read by someone with access to the network.

Impact

Data leak.

Remediation guidelines

Enable in-transit encryption for the EFS mount.
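The following is an added example, not part of this policy page or GitGuardian's own tooling: it checks an ECS task definition for EFS volumes whose `efsVolumeConfiguration` does not set `transitEncryption` to `ENABLED` (ECS treats a missing key as `DISABLED`) and produces the remediated definition. The task definition and `fs-...` ids are constructed placeholders.

```python
import copy

# Constructed sample ECS task definition (not from the page). The first EFS
# volume omits transitEncryption, which ECS treats as DISABLED; the second
# sets it explicitly; "scratch" is a host volume and out of scope.
# The fs-... ids are placeholders.
WEAK_TASK_DEF = {
    "family": "example-app",
    "volumes": [
        {"name": "app-data",
         "efsVolumeConfiguration": {"fileSystemId": "fs-PLACEHOLDER1",
                                    "rootDirectory": "/"}},
        {"name": "app-cache",
         "efsVolumeConfiguration": {"fileSystemId": "fs-PLACEHOLDER2",
                                    "transitEncryption": "DISABLED"}},
        {"name": "scratch", "host": {}},
    ],
}


def find_unencrypted_efs_mounts(task_def: dict) -> list:
    """Names of EFS volumes whose transitEncryption is not ENABLED.
    Volumes without efsVolumeConfiguration (bind mounts, Docker volumes)
    are skipped; a missing transitEncryption key counts as DISABLED."""
    findings = []
    for volume in task_def.get("volumes", []):
        efs = volume.get("efsVolumeConfiguration")
        if efs is None:
            continue
        if efs.get("transitEncryption", "DISABLED") != "ENABLED":
            findings.append(volume.get("name", "<unnamed>"))
    return findings


def remediate(task_def: dict) -> dict:
    """Copy of the task definition with transitEncryption set to ENABLED
    on every EFS volume; other volumes are left untouched."""
    fixed = copy.deepcopy(task_def)
    for volume in fixed.get("volumes", []):
        efs = volume.get("efsVolumeConfiguration")
        if efs is not None:
            efs["transitEncryption"] = "ENABLED"
    return fixed


if __name__ == "__main__":
    print("unencrypted:", find_unencrypted_efs_mounts(WEAK_TASK_DEF))
    print("after fix:", find_unencrypted_efs_mounts(remediate(WEAK_TASK_DEF)))
```

The same check applies to the `transit_encryption` argument of a Terraform `aws_ecs_task_definition` `efs_volume_configuration` block, which defaults to `DISABLED` when omitted.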

External documentation