Description:

Amazon Elastic File System (Amazon EFS) provides simple, scalable, highly available, and highly durable shared file systems in the cloud. The file systems you create using Amazon EFS are elastic, allowing them to grow and shrink automatically as you add and remove data. They can grow in size to petabytes, distributing data across an unconstrained number of storage servers in multiple Availability Zones (AZs).


Rationale:

AWS offers an easy-to-deploy EFS-to-EFS backup solution that automatically creates incremental backups of an Amazon EFS file system on a customer-defined schedule.


Impact:

Implement a backup solution to recover from unintended changes or deletions to file systems.


Default value:

By default, EFS will enable automatic backups.


Audit:

  • Log in to the AWS Management Console

  • Go to the EFS service at https://console.aws.amazon.com/efs/

  • Click on File Systems in the left navigation pane

  • Select the file system you want to examine and click on View details

  • Under Automatic backups, check whether it is Enabled or Disabled

    If automatic backups are Disabled, follow the implementation steps to enable them.


Via CLI:

aws efs describe-backup-policy --file-system-id <value>
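
The CLI check above covers one file system at a time. The script below is an added example, not part of the original benchmark text, that applies it to every file system in the region the AWS CLI is configured for; the function names and the PASS / FAIL / REVIEW verdicts are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit EFS automatic backups for every file system in the
# region the AWS CLI is configured for. Function names and verdict labels
# (PASS / FAIL / REVIEW) are assumptions of this example.

# Map a BackupPolicy.Status value to an audit verdict.
classify_backup_status() {
  case "$1" in
    ENABLED)                      echo PASS ;;
    DISABLED|DISABLING|NO_POLICY) echo FAIL ;;
    *)                            echo REVIEW ;;  # ENABLING, API errors
  esac
}

# Print "<file-system-id> <status> <verdict>" for one file system.
audit_file_system() {
  local fs_id="$1" out status
  if out=$(aws efs describe-backup-policy --file-system-id "$fs_id" \
             --query 'BackupPolicy.Status' --output text 2>&1); then
    status="$out"
  else
    # The call fails with PolicyNotFound when no backup policy exists; any
    # other failure (for example missing IAM permissions) is reported as ERROR.
    case "$out" in
      *PolicyNotFound*) status=NO_POLICY ;;
      *)                status=ERROR ;;
    esac
  fi
  echo "$fs_id $status $(classify_backup_status "$status")"
}

# Audit all file systems; return 1 if any is not PASS, 2 if listing fails.
audit_all_file_systems() {
  local ids fs_id line rc=0
  ids=$(aws efs describe-file-systems \
          --query 'FileSystems[].FileSystemId' --output text) || return 2
  for fs_id in $ids; do
    line=$(audit_file_system "$fs_id")
    echo "$line"
    case "$line" in *" PASS") ;; *) rc=1 ;; esac
  done
  return "$rc"
}

# Run only when asked, e.g.: ./efs_backup_audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_all_file_systems; fi
```

The non-zero exit status on any FAIL or REVIEW line lets the script gate a scheduled compliance job.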


Remediation:

Pre-requisites:

  • Sign in as an admin or an IAM user with the required permissions


Implementation steps:

  • Log in to the AWS Management Console

  • Go to the EFS service at https://console.aws.amazon.com/efs/

  • Click on File Systems in the left navigation pane

  • Select the file system you want to modify and click on View details

  • Click on Edit at the top

  • Check the Enable automatic backups checkbox and click on Save changes


Backout plan:

  • Log in to the AWS Management Console

  • Go to the EFS service at https://console.aws.amazon.com/efs/

  • Click on File Systems in the left navigation pane

  • Select the file system you want to modify and click on View details

  • Click on Edit at the top

  • Uncheck the Enable automatic backups checkbox and click on Save changes


Reference:

What is Amazon Elastic File System? - Amazon Elastic File System