
EFS Encryption has not been enabled

Explanation

If your organization is subject to corporate or regulatory policies that require encryption of data and metadata at rest, we recommend creating a file system that is encrypted at rest, and mounting your file system using encryption of data in transit.

Insecure Example

The following example will fail the AWS048 check.

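resource "aws_efs_file_system" "foo" {
  # aws_efs_file_system has no "name" argument; creation_token is the identifier
  creation_token = "bar"
  # Encryption at rest is disabled, which is what the check flags
  encrypted  = false
  kms_key_id = ""
}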

Secure Example

The following example will pass the AWS048 check.

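resource "aws_efs_file_system" "foo" {
  # aws_efs_file_system has no "name" argument; creation_token is the identifier
  creation_token = "bar"
  # Encryption at rest is enabled
  encrypted  = true
  # Placeholder value; the provider expects the ARN of the KMS key
  kms_key_id = "my_kms_key"
}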
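
The explanation above also recommends encryption of data in transit, which the check itself does not cover. The following is an added example, not part of the original check documentation, that pairs an encrypted file system with a file system policy rejecting non-TLS access. The resource names `efs`, `shared` and `tls_only` and the creation token are hypothetical.

```hcl
# Added example: encryption at rest with a customer managed key, plus a
# file system policy that denies any access not made over TLS.
# Resource names and the creation token are hypothetical.

resource "aws_kms_key" "efs" {
  description         = "Key for EFS encryption at rest"
  enable_key_rotation = true
}

resource "aws_efs_file_system" "shared" {
  creation_token = "shared-data"
  encrypted      = true
  kms_key_id     = aws_kms_key.efs.arn # ARN reference, not a literal string
}

data "aws_iam_policy_document" "tls_only" {
  # This statement only denies unencrypted transport. Clients still need
  # to be granted access, either through IAM identity policies or through
  # an additional Allow statement suited to your environment.
  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["*"]
    resources = [aws_efs_file_system.shared.arn]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "tls_only" {
  file_system_id = aws_efs_file_system.shared.id
  policy         = data.aws_iam_policy_document.tls_only.json
}
```

With this policy in place, clients mount through the EFS mount helper with the `tls` option; mounts without it are refused.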