# efs-encrypted-check
<a name="efs-encrypted-check"></a>

Checks if Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using Amazon Key Management Service (Amazon KMS). The rule is NON\$1COMPLIANT if the encrypted key is set to false on `DescribeFileSystems` or if the `KmsKeyId` key on `DescribeFileSystems` does not match the `KmsKeyId` parameter.



**Identifier:** EFS\$1ENCRYPTED\$1CHECK

**Resource Types:** AWS::EFS::FileSystem

**Trigger type:** Periodic

**Amazon Web Services Region:** All supported Amazon regions

**Parameters:**

KmsKeyId (Optional)Type: String  
Amazon Resource Name (ARN) of the KMS key that is used to encrypt the EFS file system.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d693c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).