Description:
Amazon Elastic File System (EFS) is a managed NFS file system that many clients can mount at once. Access to the data in a file system is governed by its file system policy, a resource-based IAM policy attached to the file system. When no file system policy has been set, EFS applies its default policy, which grants full read, write and root access to any client that can reach a mount target over the network, with no IAM identity required. That default should be replaced with a file system policy that grants access only to the IAM principals that legitimately need it.

Rationale:
Under the default policy the only control on who can read or write the file system is network reachability: any host that can open an NFS connection to a mount target (anything the mount target's security group lets through) gets full access without authentication. A compromised or misconfigured instance in the VPC can therefore read, modify or delete every file. A file system policy that names specific IAM principals, and that denies unencrypted (non-TLS) connections, moves authorization to IAM, where it can be reviewed and logged.

Impact:
Leaving the default policy in place exposes all data on the file system to any process that can reach a mount target. An attacker with a foothold in the VPC could read sensitive data, tamper with files that applications rely on (configuration, scripts, uploaded content), or delete data outright, leading to a data breach, loss of integrity or an outage. Applying a restrictive policy is itself a change with impact: clients that currently mount the file system without IAM credentials lose access until they are updated to mount with an authorized IAM identity, so the authorized principals must be identified before the policy is attached.

Default Value:
A newly created file system has no file system policy attached. While that remains the case the EFS default policy is in effect, which allows full access to any client that can connect to a mount target. The DescribeFileSystemPolicy API reports this state by returning a PolicyNotFound error rather than a policy document.

Pre-requisites:

  • You must have an AWS account and access to the AWS Management Console or the AWS CLI.
  • You must have the elasticfilesystem:DescribeFileSystemPolicy, elasticfilesystem:PutFileSystemPolicy and elasticfilesystem:DeleteFileSystemPolicy permissions on the file systems in scope.
  • You must know which IAM principals (instance roles, task roles, users) legitimately mount the file system, so that the new policy does not lock them out.


Remediation Steps:

  1. Sign in to the AWS Management Console.
  2. Open the Amazon EFS console and choose File systems.
  3. Select the file system that you want to review.
  4. Open the File system policy tab.
  5. Review the policy. If none is shown, the default policy is in effect and every client that can reach a mount target has full access. If a policy is shown, check whether any Allow statement uses Principal "*"; such a statement also matches clients that mount without IAM credentials.
  6. Choose Edit and replace the policy with one that allows elasticfilesystem:ClientMount (plus ClientWrite or ClientRootAccess only where needed) to the specific IAM principals that require access, denies access when aws:SecureTransport is false, and contains no Allow for Principal "*". Choose Save.


Test Plan:

  1. Verify that a file system policy is attached (describe-file-system-policy returns a document rather than PolicyNotFound) and that no Allow statement in it uses Principal "*".
  2. From a client that is not one of the authorized IAM principals, or from one that mounts over plain NFS without the iam mount option, attempt to mount the file system and read a file.
  3. The mount or the read should fail with an access-denied error. Then confirm that an authorized principal mounting with the EFS mount helper (mount -t efs -o tls,iam) still succeeds, so the control has not broken legitimate access.


Implementation Plan:

  1. Inventory the clients that mount the file system and the IAM principals (instance or task roles) they run under. A client that mounts over plain NFS has no IAM identity and will need the EFS mount helper with the tls and iam options before the policy is tightened.
  2. Write a policy that allows the required elasticfilesystem:Client* actions only to those principals, denies connections where aws:SecureTransport is false, and contains no Allow for Principal "*".
  3. Save a copy of any existing policy, then attach the new policy with PutFileSystemPolicy. Leave BypassPolicyLockoutSafetyCheck at its default (false) so the request is rejected if the policy would lock out the principal applying it.
  4. Verify that each legitimate client can still mount, and schedule a recurring check (for example a script that calls DescribeFileSystemPolicy for every file system) to catch file systems that drift back to the default policy.


AWS CLI Process:

  1. Run the following command to show the policy attached to the file system. A PolicyNotFound error means no policy is attached and the default policy is in effect:
aws efs describe-file-system-policy --file-system-id <file-system-id>
  2. Review the returned policy. If it is absent, or if it contains an Allow statement for Principal "*", it must be replaced.
  3. Write the restrictive policy document to a file and attach it with:
aws efs put-file-system-policy --file-system-id <file-system-id> --policy file://<policy-document.json>
  4. Run describe-file-system-policy again to confirm the new policy is in place.
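The review and remediation described in the Test Plan, Implementation Plan and CLI process above, as an added example that is not part of this control's text or of any AWS-supplied tooling. It classifies a file system policy as open when no policy is attached or when an Allow statement applies to Principal "*", builds a restrictive replacement, and applies it through boto3 with the lockout safety check left on. The region, account ID, file system ID and role ARN are placeholders; the OPEN_POLICY document is constructed to match the shape the console produces when anonymous access is still allowed.

```python
"""Audit an EFS file system policy and replace an open one.

Added example, not part of the original control. Account ID, file system ID
and role ARN are placeholders. The analysis functions need only the standard
library; remediate() needs boto3 and AWS credentials.
"""
import json

# Constructed sample: an Allow for Principal "*" that every client reaching a
# mount target matches, so it is no more restrictive than the default policy.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyoneViaMountTarget",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["elasticfilesystem:ClientRootAccess",
                   "elasticfilesystem:ClientWrite",
                   "elasticfilesystem:ClientMount"],
        "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
    }],
}


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} in string or list form."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_allows_anonymous(policy_doc):
    """Report whether clients with no IAM identity can still get in.

    None means no policy is attached, i.e. the EFS default policy is in
    effect and anyone who reaches a mount target has full access.
    """
    if policy_doc is None:
        return True
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be bare
        statements = [statements]
    return any(s.get("Effect") == "Allow" and _principal_is_wildcard(s.get("Principal"))
               for s in statements)


def build_restricted_policy(fs_arn, principal_arns, allow_write=True):
    """Allow only the named principals to mount (and optionally write) and
    deny every unencrypted connection. There is no Allow for Principal "*",
    so anonymous NFS mounts are refused once this policy is attached."""
    actions = ["elasticfilesystem:ClientMount"]
    if allow_write:
        actions.append("elasticfilesystem:ClientWrite")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowNamedPrincipalsViaMountTarget",
                "Effect": "Allow",
                "Principal": {"AWS": list(principal_arns)},
                "Action": actions,
                "Resource": fs_arn,
                "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
            },
            {
                "Sid": "DenyUnencryptedTransport",
                "Effect": "Deny",
                "Principal": {"AWS": "*"},
                "Action": "*",
                "Resource": fs_arn,
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def fetch_policy(efs, fs_id):
    """Return the attached policy as a dict, or None when the API raises
    PolicyNotFound (the default policy is in effect)."""
    try:
        resp = efs.describe_file_system_policy(FileSystemId=fs_id)
    except efs.exceptions.PolicyNotFound:
        return None
    return json.loads(resp["Policy"])


def remediate(efs, fs_id, fs_arn, principal_arns):
    """Replace an open policy with the restrictive one and return what is in
    force afterwards. BypassPolicyLockoutSafetyCheck is left at its default,
    so EFS rejects a policy that would lock out the caller."""
    current = fetch_policy(efs, fs_id)
    if not policy_allows_anonymous(current):
        return current                         # already compliant
    new_policy = build_restricted_policy(fs_arn, principal_arns)
    efs.put_file_system_policy(FileSystemId=fs_id, Policy=json.dumps(new_policy))
    return new_policy


if __name__ == "__main__":
    import boto3                               # only needed for the live call
    region, account, fs_id = "us-east-1", "111122223333", "fs-0123456789abcdef0"
    fs_arn = f"arn:aws:elasticfilesystem:{region}:{account}:file-system/{fs_id}"
    efs = boto3.client("efs", region_name=region)
    applied = remediate(efs, fs_id, fs_arn, [f"arn:aws:iam::{account}:role/AppServerRole"])
    print(json.dumps(applied, indent=2))
```

Run it once per file system, or loop over describe-file-systems output, after the clients have been switched to the EFS mount helper with the tls and iam options; a client still mounting over plain NFS will be denied as soon as the new policy is attached.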

Using AWS GUI:

  1. Open the Amazon EFS console and choose File systems.
  2. Select the file system that you want to review.
  3. Open the File system policy tab and choose Edit.
  4. Review the current policy. No policy means the default policy (full access to any client that can reach a mount target) is in effect.
  5. Select the policy options Prevent anonymous access and Enforce in-transit encryption for all clients, then in the policy editor add Allow statements only for the IAM principals that need to mount the file system, with the specific elasticfilesystem:Client* actions each one needs.
  6. Click Save.


Backout Plan:

  1. Before changing anything, save the existing policy so that it can be restored (this step fails with PolicyNotFound if no policy is attached, which itself tells you the file system is on the default policy):
aws efs describe-file-system-policy --file-system-id <file-system-id> --query Policy --output text > saved-policy.json
  2. To roll back to the previous policy, re-attach the saved document:
aws efs put-file-system-policy --file-system-id <file-system-id> --policy file://saved-policy.json
  3. If the file system previously had no policy, deleting the new policy returns it to the default policy. This re-opens access to every client that can reach a mount target, so use it only as a short-term measure while legitimate clients are fixed:
aws efs delete-file-system-policy --file-system-id <file-system-id>

Note:

  • This control applies to every EFS file system: one with no file system policy is under the default policy, and one whose policy has an Allow for Principal "*" is equivalent to it for any client that can reach a mount target.
  • IAM authorization applies only to clients that present an IAM identity, which on Linux means mounting with the EFS mount helper (amazon-efs-utils) using the tls and iam mount options. A plain NFS mount is anonymous and is denied once the policy no longer allows Principal "*".
  • A file system policy controls mounting and read, write and root access; it does not replace the mount target security groups, which should still restrict NFS (TCP 2049) to the expected clients.
  • You can also use the AWS CLI (aws efs describe-file-system-policy, put-file-system-policy and delete-file-system-policy) or the EFS API to inspect, attach and remove policies.
  • For more information, see the EFS documentation: https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html