Posted On: Sep 16, 2020
You can now use AWS Identity and Access Management (AWS IAM) identity-based policies to enforce encryption of data at rest for your Amazon Elastic File System (Amazon EFS) file system resources. Using an IAM condition key, you can prevent users from creating EFS file systems that aren’t encrypted. Central security administrators can also define service control policies (SCPs) inside AWS Organizations to enforce EFS encryption for all AWS accounts in their organization.
This capability complements enforcing encryption of data in transit using file system policies, IAM Authorization for NFS clients, and EFS Access Points as tools to manage access to your EFS resources at scale. Enforcing encryption of data at rest is available in all AWS Regions where EFS is available at no additional charge. To get started, see the Amazon EFS user guide.
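The following policy is an added example, not text from the announcement. It shows one way to write the encryption-at-rest restriction described above, using the `elasticfilesystem:Encrypted` condition key on the `elasticfilesystem:CreateFileSystem` action; the `Sid` value is a label chosen for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnencryptedEfsCreate",
      "Effect": "Deny",
      "Action": "elasticfilesystem:CreateFileSystem",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "elasticfilesystem:Encrypted": "false"
        }
      }
    }
  ]
}
```

Because the statement is an explicit deny, it grants no permissions itself and overrides any allow, so the same document can be attached as an identity-based policy or as an SCP in AWS Organizations.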