AWS-EFS-encryption-disable-for-data-in-transmit-between-client-and-EFS

Severity: High

Description: This control checks whether data in transit between clients and the Amazon EFS file system is encrypted. Encryption of data in transit for an Amazon EFS file system is enabled by using Transport Layer Security (TLS) when you mount the file system with the Amazon EFS mount helper; a file system policy can additionally deny access to clients that do not connect over TLS.

Remediation Steps:

Perform the following steps to enforce in-transit encryption on the EFS file system by applying a file system policy that denies unencrypted clients:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to File Systems.

  3. On the File Systems page, choose the file system that you want to edit or create a file system policy for. The details page for that file system is displayed.

  4. Choose File system policy, then choose Edit. The File system policy page appears.

  5. In Policy options, choose Enforce in-transit encryption for all clients. This option denies access to unencrypted clients.

  6. Choose Save.
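The following Python script is an added worked example; it is not part of this control page and is not Blue Hexagon or AWS code. It parses an EFS file system policy document (as returned by `aws efs describe-file-system-policy`, whose `Policy` field is a JSON string) and reports whether the policy denies unencrypted clients, which is the `Deny` statement conditioned on `aws:SecureTransport` being `false` that the console's "Enforce in-transit encryption for all clients" option writes. The sample policies, file system id and ARN below are constructed for the example.

```python
"""Audit an Amazon EFS file system policy for enforced in-transit encryption.

Added example, not the control page's or AWS's own code. It assumes the policy
shape the EFS console produces for "Enforce in-transit encryption for all
clients": a Deny statement with Condition Bool aws:SecureTransport = false.
All ids and ARNs below are constructed placeholders.
"""
import json
from typing import Any, Dict, List, Optional

FS_ID = "fs-0123456789abcdef0"  # constructed
FS_ARN = f"arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/{FS_ID}"  # constructed

# Constructed sample: the policy written when the remediation steps are applied.
ENFORCING_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Id": "efs-policy-example",
    "Statement": [
        {
            "Sid": "deny-unencrypted-clients",
            "Effect": "Deny",
            "Principal": {"AWS": "*"},
            "Action": "*",
            "Resource": FS_ARN,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }
    ],
}

# Constructed sample: grants access but never denies plaintext NFS, so it fails.
PERMISSIVE_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
            "Resource": FS_ARN,
        }
    ],
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows scalars or lists for most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _denies_all_clients(stmt: Dict[str, Any]) -> bool:
    """True if the Deny applies to every principal and covers the mount action."""
    principal = stmt.get("Principal")
    all_principals = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))
    )
    actions = _as_list(stmt.get("Action"))
    covers_mount = any(
        a in ("*", "elasticfilesystem:*", "elasticfilesystem:ClientMount") for a in actions
    )
    return all_principals and covers_mount


def enforces_transit_encryption(policy: Dict[str, Any]) -> bool:
    """Return True only if a Deny statement rejects non-TLS clients.

    Deliberately conservative: anything other than an explicit, unscoped Deny
    keyed on aws:SecureTransport == false is reported as not enforced, so a
    weakened or partially scoped policy surfaces as a finding.
    """
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        values = [str(v).lower() for v in _as_list(bool_cond.get("aws:SecureTransport"))]
        if "false" not in values:
            continue
        if _denies_all_clients(stmt):
            return True
    return False


def policy_from_cli_output(text: str) -> Dict[str, Any]:
    """Parse `aws efs describe-file-system-policy` output; Policy is a JSON string."""
    outer = json.loads(text)
    return json.loads(outer["Policy"])


def sample_cli_output() -> str:
    """Constructed stand-in for the CLI's JSON output for FS_ID."""
    return json.dumps({"FileSystemId": FS_ID, "Policy": json.dumps(ENFORCING_POLICY)})


def audit(file_system_id: str, policy: Optional[Dict[str, Any]]) -> str:
    """One finding line per file system, in the spirit of the control above."""
    if policy is None:
        return f"{file_system_id}: FAIL - no file system policy; unencrypted mounts are not denied"
    if enforces_transit_encryption(policy):
        return f"{file_system_id}: PASS - in-transit encryption enforced"
    return f"{file_system_id}: FAIL - policy present but does not deny aws:SecureTransport=false"


if __name__ == "__main__":
    print(audit(FS_ID, policy_from_cli_output(sample_cli_output())))
    print(audit(FS_ID, PERMISSIVE_POLICY))
    print(audit(FS_ID, None))
```

Enforcing the policy is only half of the control: clients must still mount with TLS through the mount helper (for example `mount -t efs -o tls <file-system-id>:/ /mnt/efs`), and once the Deny is in place any client that omits the `tls` option will have its mount refused, so roll the policy out after confirming existing mounts already use it.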

Important:

Reference:

Blue Hexagon Proprietary