Not encrypting data at rest can lead to a data leak
- GG_ID: GG_IAC_0043
- Severity: HIGH
- Complexity: MEDIUM
- Categories: DATA
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description
Amazon Elastic File System (Amazon EFS) provides a serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources.
Encrypting your volumes ensures that your application runtime data will not be compromised by unauthorized access to the data layer.
# Impact
Data leak.
# Remediation guidelines
Since it is not possible to encrypt an existing unencrypted file system, you will have to perform manual steps:
- Create a backup of your EFS.
- Create a new EFS with encryption enabled.
- Restore the backup to the new EFS.
- Delete the unencrypted EFS.