efs-encrypted-check

Checks if Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if the encrypted key is set to false on DescribeFileSystems or if the KmsKeyId key on DescribeFileSystems does not match the KmsKeyId parameter.

Identifier: EFS_ENCRYPTED_CHECK

Resource Types: AWS::EFS::FileSystem

Trigger type: Periodic

AWS Region: All supported AWS regions

Parameters:

KmsKeyId (Optional)
Type: String: Amazon Resource Name (ARN) of the KMS key that is used to encrypt the EFS file system.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

efs-automatic-backups-enabled

efs-filesystem-ct-encrypted