let efs_filesystems = Resources.*[
	Type == "AWS::EFS::FileSystem"
]

rule efs_encryption_enabled when %efs_filesystems !empty {
	%efs_filesystems {
		Properties {
			Encrypted exists <<Encryption is not configured (i.e. disabled).>>
			when Encrypted exists {
				Encrypted == true <<Encryption is disabled.>>
			}
		}
	}
}