Not encrypting data at rest can lead to data leak

Severity	Exploitability	Providers	Categories
HIGH	MEDIUM	AWS	DATA

Description

Amazon Elastic File System (Amazon EFS) provides serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources.

Encrypting your volumes ensures that your application runtime data will not be compromised from unauthorized access to the data layer.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	True

Data leak.

Remediation guidelines

Since it is not possible to encrypt an existing unencrypted file system, you will have to perform manual steps:

Create a backup of your EFS.
Create a new EFS with encryption enabled.
Restore the backup to the new EFS.
Delete the unencrypted EFS.

References

AWS EFS encryption at rest
AWS Backup for EFS

Not encrypting data at rest can lead to data leak

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Not encrypting data at rest can lead to data leak

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References