Encrypting data in transit - Amazon Elastic File System

Encrypting data in transit

You enable encryption of data in transit for your Amazon EFS file system by enabling Transport Layer Security (TLS) when you mount the file system using the Amazon EFS mount helper. For more information, see Mounting EFS file systems using the EFS mount helper.

When encryption of data in transit is declared as a mount option for your Amazon EFS file system, the mount helper initializes a client stunnel process. Stunnel is an open source multipurpose network relay. The client stunnel process listens on a local port for inbound traffic, and the mount helper redirects Network File System (NFS) client traffic to this local port. The mount helper uses TLS version 1.2 to communicate with your file system.

To mount your Amazon EFS file system using the mount helper with encryption of data in transit enabled:
  1. Access the terminal for your instance through Secure Shell (SSH), and log in with the appropriate user name. For more information, see Connect to your EC2 instance in the Amazon EC2 User Guide.

  2. Run the following command to mount your file system.

    sudo mount -t efs -o tls fs-12345678:/ /mnt/efs
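
To confirm after mounting that NFS traffic really goes through the local stunnel relay described above, you can audit the kernel's mount table. The following is an added example, not part of the AWS documentation: the function name `check_nfs_tls`, the sample mount lines, the Region in the DNS name, and the port number are constructed, and it assumes that a TLS mount appears in `/proc/mounts` with a loopback source address.

```shell
#!/bin/sh
# Added example: classify NFS mounts by whether the NFS client talks to a
# loopback address (the local stunnel relay) or directly to a remote server.
# Assumption: because the mount helper redirects NFS traffic to a local
# stunnel port, a TLS mount shows a loopback source such as 127.0.0.1:/.

# check_nfs_tls [MOUNTS_FILE]   (default /proc/mounts, "-" reads stdin)
# Prints "RELAY <mountpoint> port=<n>" or "DIRECT <mountpoint> <source host>"
# for each NFS mount. Returns 1 if any DIRECT mount is found.
# A DIRECT line can also be a non-EFS NFS export; review each one.
check_nfs_tls() {
    awk '
        $3 == "nfs" || $3 == "nfs4" {
            host = $1
            sub(/:\/.*$/, "", host)          # drop the exported path
            if (host ~ /^127\./ || host == "localhost") {
                port = "unknown"
                opts = "," $4                # anchor so mountport= is skipped
                if (match(opts, /,port=[0-9]+/))
                    port = substr(opts, RSTART + 6, RLENGTH - 6)
                print "RELAY", $2, "port=" port
            } else {
                print "DIRECT", $2, host
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:-/proc/mounts}"
}

# Constructed sample of /proc/mounts content: one mount made with -o tls,
# one made without it, and one unrelated local file system.
sample_mounts() {
    cat <<'EOF'
127.0.0.1:/ /mnt/efs nfs4 rw,relatime,vers=4.1,hard,noresvport,proto=tcp,port=20059,mountport=0,addr=127.0.0.1 0 0
fs-12345678.efs.us-east-1.amazonaws.com:/ /mnt/plain nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=10.0.1.25 0 0
/dev/xvda1 / xfs rw,noatime 0 0
EOF
}

# Usage on a live instance:   check_nfs_tls || echo "unencrypted NFS mount"
# Usage on the sample above:  sample_mounts | check_nfs_tls -
```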