efs-encrypted-check
Checks if Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using Amazon Key Management Service (Amazon KMS). The rule is NON_COMPLIANT if the encrypted key is set to false on DescribeFileSystems
or if the KmsKeyId
key on DescribeFileSystems
does not match the KmsKeyId
parameter.
Identifier: EFS_ENCRYPTED_CHECK
Resource Types: AWS::EFS::FileSystem
Trigger type: Periodic
Amazon Web Services Region: All supported Amazon regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region
Parameters:
- KmsKeyId (Optional)
- Type: String
-
Amazon Resource Name (ARN) of the KMS key that is used to encrypt the EFS file system.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.