Ensure there are no public file systems for AWS Elastic File System (EFS)

HIGH

Description

Allowing unrestricted, public access to an EFS file system could open the application that uses it up to external attack. Disallowing this access is typically considered best practice.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the Amazon EFS console.
  2. Select File Systems.
  3. Click the file system that you want to configure. Select Permissions.
  4. In the File system policy, select the policy statement.
  5. Click Edit and change the statement so that it no longer allows public access.

In Terraform -

  1. In the aws_efs_file_system_policy resource, configure the policy field so that it does not allow public access to the file system.
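
The Terraform step above, as an added example that is not part of the original page or the rule's own code: a public policy statement next to a restricted one. The resource names, the account ID 111122223333 and the role name are placeholders, and treating a wildcard principal with no condition as "public" is an assumption about what the rule flags.

```hcl
# Constructed example; all names and the account ID are placeholders.
resource "aws_efs_file_system" "example" {
  creation_token = "example"
  encrypted      = true
}

# Weak: a wildcard principal with no condition lets any AWS principal
# that can reach a mount target mount and write to the file system.
data "aws_iam_policy_document" "public" {
  statement {
    sid       = "PublicAccess"
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [aws_efs_file_system.example.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
  }
}

# Corrected: only a named IAM role is allowed, and only through a mount target.
data "aws_iam_policy_document" "restricted" {
  statement {
    sid       = "AppRoleOnly"
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [aws_efs_file_system.example.arn]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/example-app-role"]
    }
    condition {
      test     = "Bool"
      variable = "elasticfilesystem:AccessedViaMountTarget"
      values   = ["true"]
    }
  }
}

# Attach the restricted document, not the public one.
resource "aws_efs_file_system_policy" "example" {
  file_system_id = aws_efs_file_system.example.id
  policy         = data.aws_iam_policy_document.restricted.json
}
```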

References:
https://docs.aws.amazon.com/efs/latest/ug/auth-and-access-control.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system_policy

Policy Details

Rule Reference ID: AC_AWS_0099
CSP: AWS
Remediation Available: Yes
Resource Category: Storage

Frameworks