A Config rule that checks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt file data using AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if the Encrypted key is set to False on DescribeFileSystems or, if the KmsKeyId parameter is specified, the KmsKeyId key on DescribeFileSystems does not match it.

This config rule supports the following parameters:

  • KmsKeyId
    • Required: No
    • Type: String
    • Description: Amazon Resource Name (ARN) of the KMS key that is used to encrypt the EFS file system.
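The decision logic described above, as an added example that is not AWS's implementation of the rule: it evaluates a constructed DescribeFileSystems-shaped response with and without the optional KmsKeyId parameter. The function names, the sample ARNs and file system IDs, the exact string comparison of key ARNs, and treating a missing Encrypted field as unencrypted are assumptions.

```python
"""Added example: offline re-implementation of the rule's evaluation logic."""

# Constructed sample shaped like an EFS DescribeFileSystems response.
# Account id, key ids and file system ids are placeholders.
KEY_A = "arn:aws:kms:us-east-1:111122223333:key/aaaaaaaa-0000-0000-0000-000000000001"
KEY_B = "arn:aws:kms:us-east-1:111122223333:key/bbbbbbbb-0000-0000-0000-000000000002"
SAMPLE_RESPONSE = {
    "FileSystems": [
        {"FileSystemId": "fs-00000001", "Encrypted": True, "KmsKeyId": KEY_A},
        {"FileSystemId": "fs-00000002", "Encrypted": True, "KmsKeyId": KEY_B},
        {"FileSystemId": "fs-00000003", "Encrypted": False},
    ]
}


def evaluate_file_system(fs, kms_key_id=None):
    """Return (compliance, reason) for one DescribeFileSystems entry."""
    # Assumption: a missing Encrypted field is treated as unencrypted (fail closed).
    if not fs.get("Encrypted", False):
        return "NON_COMPLIANT", "Encrypted is False"
    # The key check applies only when the optional KmsKeyId parameter is set.
    # Assumption: "matching" means exact equality of the ARN strings.
    if kms_key_id and fs.get("KmsKeyId") != kms_key_id:
        return "NON_COMPLIANT", "KmsKeyId does not match the rule parameter"
    return "COMPLIANT", "encrypted with an accepted KMS key"


def evaluate(response, kms_key_id=None):
    """Map each file system id to its compliance result."""
    return {
        fs["FileSystemId"]: evaluate_file_system(fs, kms_key_id)[0]
        for fs in response.get("FileSystems", [])
    }


if __name__ == "__main__":
    for label, param in (("no parameter", None), ("KmsKeyId=KEY_A", KEY_A)):
        print(label)
        for fs_id, result in evaluate(SAMPLE_RESPONSE, param).items():
            print(f"  {fs_id}: {result}")
```

Without the parameter, any encrypted file system passes regardless of which key protects it; setting KmsKeyId narrows compliance to file systems encrypted with that one key.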

