Not encrypting EFS mount can lead to data leak
- GG_ID: GG_IAC_0042
- Severity: HIGH
- Complexity: LOW
- Categories: DATA
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
Description#
Amazon Elastic Container Service (Amazon ECS) is a container management service, in which tasks definition are used to run an individual task or task within a service.
EFS are volumes that can be mounted to a container. When in-transit encryption is not enabled for an EFS mount, the data in transit can be read by someone with access to the network.
Impact#
Data leak.
Remediation guidelines#
Enable in-transit encryption for the EFS mount.