Description

The AWS Elastic File System (EFS) service is encrypted with a default KMS key. Best practices recommend encrypting EFS instances with Customer Managed Keys (CMKs) to reduce the risk of exposure and to give full control over the encrypted information.

Impact

Obtain confidential information from the file system.

Recommendation

Enable EFS encryption using a KMS Customer Managed Key (CMK).
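One way to check an account for this finding, as an added example that is not part of the original page: it classifies each file system from the EFS `DescribeFileSystems` fields `Encrypted` and `KmsKeyId` and the KMS `DescribeKey` field `KeyManager`. The function names, status labels and sample data are assumptions made for illustration.

```python
"""Flag EFS file systems that are unencrypted or use an AWS managed KMS key."""


def classify(fs, key_manager_of):
    """Classify one item of the EFS DescribeFileSystems "FileSystems" list.

    key_manager_of maps a KMS key ARN to the KeyManager value reported by
    KMS DescribeKey: "AWS" for AWS managed keys, "CUSTOMER" for CMKs.
    """
    if not fs.get("Encrypted"):
        return "UNENCRYPTED"
    # Anything not positively identified as customer managed is flagged.
    if key_manager_of(fs.get("KmsKeyId")) == "CUSTOMER":
        return "CMK"
    return "DEFAULT_KEY"


def audit(file_systems, key_manager_of):
    """Return {FileSystemId: status} for file systems not encrypted with a CMK."""
    statuses = {fs["FileSystemId"]: classify(fs, key_manager_of) for fs in file_systems}
    return {fs_id: s for fs_id, s in statuses.items() if s != "CMK"}


def audit_region(region):
    """Live check; needs boto3 plus read access to EFS and KMS."""
    import boto3  # imported lazily so the offline sample runs without it

    efs = boto3.client("efs", region_name=region)
    kms = boto3.client("kms", region_name=region)
    file_systems = []
    for page in efs.get_paginator("describe_file_systems").paginate():
        file_systems.extend(page["FileSystems"])
    return audit(
        file_systems,
        lambda arn: kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"],
    )


# Constructed sample data: placeholder IDs and ARNs, not from a real account.
ARN = "arn:aws:kms:us-east-1:111111111111:key/"
SAMPLE_FS = [
    {"FileSystemId": "fs-00000001", "Encrypted": True, "KmsKeyId": ARN + "aws-managed"},
    {"FileSystemId": "fs-00000002", "Encrypted": True, "KmsKeyId": ARN + "customer"},
    {"FileSystemId": "fs-00000003", "Encrypted": False},
]
SAMPLE_KEYS = {ARN + "aws-managed": "AWS", ARN + "customer": "CUSTOMER"}

if __name__ == "__main__":
    print(audit(SAMPLE_FS, SAMPLE_KEYS.get))
```

EFS fixes the encryption-at-rest setting and key when the file system is created, so a flagged file system is remediated by creating a new one with the CMK and migrating the data to it.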

Threat

Anonymous attacker with local access to one or more EFS instances

Expected Remediation Time

⏱️ 20 minutes.