If your organization is subject to corporate or regulatory policies that require encryption of data and metadata at rest, we recommend creating a file system that is encrypted at rest, and mounting your file system using encryption of data in transit.
Data can be read from the EFS if compromised
Enable encryption for EFS
The following example will fail the aws-efs-enable-at-rest-encryption check.
The following example will pass the aws-efs-enable-at-rest-encryption check.