Description:

EFS provides a scalable and fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. The policy checks if EFS has controlled access and its backup schedules are configured.


Remediation:

On-demand backups

Using either the AWS Backup Management Console or the CLI, you can save a single resource to a backup vault on-demand. Unlike with scheduled backups, you don't need to create a backup plan to initiate an on-demand backup. You can still assign a lifecycle to your backup, which automatically moves the recovery point to the cold storage tier and notes when to delete it.


Automatic backups

When you create a file system using the Amazon EFS Console, automatic backups are turned on by default. You can turn on automatic backups after creating your file system using the CLI or API. The default EFS backup plan uses the AWS Backup recommended settings for automatic backups - daily backups with a 35 day retention period. The backups created using the default EFS backup plan are stored in a default EFS backup vault which is also created by EFS on your behalf. The default backup plan and backup vault cannot be deleted. You can edit the default backup plan settings using the AWS Backup Management Console.


  1. Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/.

  2. In the File systems page, choose the file system that you want to turn automatic backups on or off for and display the File system details page.

  3. Choose Edit in the General settings panel.

    • To turn automatic backups on, select Enable automatic backups.

    • To turn automatic backups off, clear Enable automatic backups.

  4. Choose Save changes.


Reference:

https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html