DEV Community

Cover image for Amazon EFS Security Practices.
brlikhon
brlikhon

Posted on

Amazon EFS Security Practices.

We have already seen all the EFS performance parameters now let's understand few security best practices working with EFS.
-Data encryption in Amazon EFS: Amazon EFS supports two forms of encryption for file systems

  1. Encryption of Data in Transit and
  2. Encryption at rest. You can enable encryption of data at rest while creating the Amazon EFS file system and you can enable encryption of data in transit when you mount a file system.

-Identity access management for Amazon EFS: Access to Amazon EFS requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access AWS resources such as Amazon EFS file system or an Amazon EC2 instance. IAM helps to secure your EFS resources by
controlling who can access them.

-Controlling network access to Amazon EFS file systems for NFS(Network File System) clients: You can control access by NFS clients to Amazon EFS file systems using network level security and EFS file system policies. You can use the network layer security mechanisms available with Amazon EC2 such as VPC security group rules and network ACLs(Access Control List). You can also use AWS IAM to control your NFS access with an EFS file system policy and identity based policies.

-Logging and Monitoring in Amazon EFS: Monitoring is an important part of maintaining the reliability, availability and performance of the Amazon EFS and your AWS solutions you should select monitoring data from all parts of the AWS solution. So that, you can easily debug a multi-point failure if one occurs. Amazon provides several tools for monitoring your Amazon EFS resources and responding to potential incidents.

-AWS managed policies for Amazon EFS: To add permissions to users groups and roles it is easier to use AWS managed policies than to write policies yourselves. It takes time and expertise to create IAM customer managed policies. That provide your team with only the permissions they needed. These policies cover common use
cases and are available in your AWS account.

-Compliance Validation for Amazon Elastic File System: Third party auditors assess the security and compliance of Amazon Elastic File System as a part of multiple AWS compliance programs.

-Resilience in Amazon Elastic File System: The AWS global infrastructure is built around AWS regions and availability zones.
AWS region provide multiple physically separated and isolated availability zones. Which are connected with low latency high throughput and highly redundant networking with availability zones. You can design and operate applications and databases that
automatically fail over between zones without interruption. Availability zones are more highly available, fault tolerant and scalable than traditional single or multi-data center infrastructures.

-Amazon Elastic File System Network Isolation: Network level isolation can be provided to Amazon Elastic File System using resource-based access policies, which can include restriction based on the source IP address or specific VPCs or specific
VPC endpoints.

Top comments (0)