Ensure automated backup using EFS Backup policy is enabled for AWS Elastic File System (EFS)

MEDIUM

Description

AWS EFS file systems do not automated backup enabled. This may compromise security and affect the availability of data.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the AWS EFS console.
On the File systems page, choose the file system for which to enable automatic backups. The File system details page is displayed.
In general tab, choose Edit.
Select Enable automatic backups and save.

In terraform -

Create 'aws_efs_backup_policy' resource and set 'file_system_id' to the corresponding EFS.
Set 'backup.status' to 'ENABLED'.

References:
https://docs.aws.amazon.com/efs/latest/ug/efs-backup-solutions.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_backup_policy

Policy Details

Rule Reference ID: AC_AWS_0393

CSP: AWS

Remediation Available: Yes

Domain: Resilience

Resource: aws_efs_file_system

Resource Category: Storage

Resource Type: Elastic File System (EFS)

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
ISO-27001