Ensure permissions are tightly controlled for AWS EFS File System

HIGH

Description

EFS with sensitive permissions may lead to unauthorized access and/or data leak.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the Amazon EFS console.
Select File Systems.
Click the file system that you want to configure. Select Permissions.
In the File system policy, select the policy statement.
Click Edit and make the necessary changes.

In Terraform -

In the aws_efs_file_system_policy resource, configure the policy field accordingly.

References:
https://docs.aws.amazon.com/efs/latest/ug/auth-and-access-control.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system_policy

Policy Details

Rule Reference ID: AC_AWS_0377

CSP: AWS

Remediation Available: No

Domain: Identity and Access Management

Resource: aws_efs_file_system_policy

Resource Category: Storage

Resource Type: Elastic File System (EFS)

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF