Amazon FSx controls - Amazon Security Hub
[FSx.1] FSx for OpenZFS file systems should be configured to copy tags to backups and volumes[FSx.2] FSx for Lustre file systems should be configured to copy tags to backups
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon FSx controls

These controls are related to Amazon FSx resources.

These controls may not be available in all Amazon Web Services Regions. For more information, see Availability of controls by Region.

[FSx.1] FSx for OpenZFS file systems should be configured to copy tags to backups and volumes

Related requirements: NIST.800-53.r5 CA-9(1), NIST.800-53.r5 CM-2, NIST.800-53.r5 CM-2(2)

Category: Identify > Inventory > Tagging

Severity: Low

Resource type: AWS::FSx::FileSystem

Amazon Config rule: fsx-openzfs-copy-tags-enabled

Schedule type: Change triggered

Parameters: None

This control checks if an Amazon FSx for OpenZFS file system is configured to copy tags to backups and volumes. The control fails if the OpenZFS file system isn't configured to copy tags to backups and volumes.

Identification and inventory of your IT assets is an important aspect of governance and security. Tags help you categorize your Amazon resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type because you can quickly identify a specific resource based on the tags that you assigned to it.

Remediation

To configure an FSx for OpenZFS file system to copy tags to backups and volumes, see Updating a file system in the Amazon FSx OpenZFS User Guide.

[FSx.2] FSx for Lustre file systems should be configured to copy tags to backups

Related requirements: NIST.800-53.r5 CP-9, NIST.800-53.r5 CM-8

Category: Identify > Inventory > Tagging

Severity: Low

Resource type: AWS::FSx::FileSystem

Amazon Config rule: fsx-lustre-copy-tags-to-backups

Schedule type: Change triggered

Parameters: None

This control checks whether an Amazon FSx for Lustre file system is configured to copy tags to backups and volumes. The control fails if the Lustre file system isn't configured to copy tags to backups and volumes.

Identification and inventory of your IT assets is an important aspect of governance and security. Tags help you categorize your Amazon resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type because you can quickly identify a specific resource based on the tags that you assigned to it.

Remediation

To configure an FSx for Lustre file system to copy tags to backups, see Updating a file system in the Amazon FSx OpenZFS User Guide.