efs-filesystem-ct-encrypted - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

efs-filesystem-ct-encrypted

Checks if Amazon Elastic File System (Amazon EFS) encrypts data with Amazon Key Management Service (Amazon KMS). The rule is NON_COMPLIANT if a file system is not encrypted. Optionally, you can check if a file system is not encrypted with specified KMS keys.

Identifier: EFS_FILESYSTEM_CT_ENCRYPTED

Resource Types: AWS::EFS::FileSystem

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except US ISO West, US ISO East, Asia Pacific (Malaysia), US ISOB East, Israel (Tel Aviv), Canada West (Calgary) Region

Parameters:

kmsKeyArns (Optional)
Type: String

(Optional) Comma-separated list of Amazon Resource Names (ARNs) for Amazon KMS keys. If provided, the rule checks if the specified KMS keys do not encrypt an Amazon EFS file system.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.