Not encrypting data at rest can lead to a data leak
- GG_ID: GG_IAC_0043
- Severity: HIGH
- Complexity: MEDIUM
- Categories: DATA
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
Amazon Elastic File System (Amazon EFS) provides a serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources.
Encrypting your volumes ensures that your application runtime data will not be compromised by unauthorized access to the data layer.
Since it is not possible to encrypt an existing unencrypted file system, you will have to migrate the data manually:
- Create a backup of your EFS.
- Create a new EFS with encryption enabled.
- Restore the backup to the new EFS.
- Delete the unencrypted EFS.