Not encrypting data at rest can lead to data leak

  • GG_ID: GG_IAC_0043
  • Severity: HIGH
  • Complexity: MEDIUM
  • Categories: DATA
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

Amazon Elastic File System (Amazon EFS) provides a serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources.

Encrypting your file systems ensures that application runtime data is not compromised by unauthorized access to the underlying storage layer.

Impact

Data leak.

Remediation guidelines

Since an existing unencrypted file system cannot be encrypted in place, you will have to perform the following manual steps:

  1. Create a backup of your EFS.
  2. Create a new EFS with encryption enabled.
  3. Restore the backup to the new EFS.
  4. Delete the unencrypted EFS.
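To keep new unencrypted file systems out of the code base in the first place, the check below (an added example, not GitGuardian's or AWS's own code) scans Terraform JSON-syntax configuration and CloudFormation JSON templates for EFS declarations whose encryption flag is missing or false, alongside a compliant declaration. The resource names and the KMS key ARN in the sample input are constructed placeholders.

```python
"""Detect EFS file systems declared without encryption at rest in IaC.
Constructed example (not GitGuardian's implementation): Terraform JSON syntax
and CloudFormation JSON templates.
"""
import json

def _is_true(value) -> bool:
    """Accept a literal boolean true or the string "true" (both formats allow it)."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def check_terraform(config: dict) -> list[str]:
    """Return addresses of aws_efs_file_system resources not encrypted at rest.

    The provider's `encrypted` argument defaults to false, so a missing argument
    is a finding too. Unresolved expressions such as "${var.encrypted}" are also
    reported, since the value cannot be confirmed statically.
    """
    efs = config.get("resource", {}).get("aws_efs_file_system", {})
    return [f"aws_efs_file_system.{name}" for name, body in efs.items()
            if not _is_true(body.get("encrypted"))]


def check_cloudformation(template: dict) -> list[str]:
    """Return logical IDs of AWS::EFS::FileSystem resources lacking Encrypted: true."""
    return [logical_id for logical_id, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::EFS::FileSystem"
            and not _is_true(res.get("Properties", {}).get("Encrypted"))]


# Constructed samples: one weak and one compliant declaration per format.
TF_CONFIG = json.loads("""{
  "resource": {"aws_efs_file_system": {
    "shared_data": {"creation_token": "shared-data"},
    "shared_data_encrypted": {"creation_token": "shared-data-enc", "encrypted": true,
                              "kms_key_id": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER-KEY-ID"}
  }}
}""")

CFN_TEMPLATE = json.loads("""{
  "Resources": {
    "AppFileSystem": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": false}},
    "AppFileSystemEncrypted": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": true}}
  }
}""")

if __name__ == "__main__":
    for finding in check_terraform(TF_CONFIG) + check_cloudformation(CFN_TEMPLATE):
        print(f"GG_IAC_0043: {finding} is not encrypted at rest")
```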

External documentation