By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

EFS Security Controls

A collection of AWS Security controls for Amazon EFS. Controls include secure EFS Share configurations, Config rules for monitoring compliance, Security Groups and more. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

EFS

Configuration to provision a new EFS file system and attach it to a VPC with options to customize encryption, backup, access, and performance settings.

CloudFormationTerraformAWS CLI
Backup

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

CloudFormationTerraformAWS CLI
Config Rule

A Config rule that checks whether Amazon Elastic File System (Amazon EFS) are configured to encrypt the file data using AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if the Encrypted key is set to False on DescribeFileSystems or, if specified, KmsKeyId key on DescribeFileSystems is not matching KmsKeyId parameter

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup. The rule is NON_COMPLIANT if EFS file systems are not included in the backup plans.

CloudFormationTerraformAWS CLI
Security Group

A security group for Amazon EFS that allows inbound NFS access from resources (including the mount target) associated with this security group (TCP 2049).

CloudFormationTerraformAWS CLI
EFS
Backup
Config Rule
Security Group