EFS also comes inside the VPC; so, the following are the options for security:
- Security group: We must open only the NFS port in the security group to access EFS on a specific IP in order to get it mounted.
- Read write and execute permission: EFS works as Unix-style read, write, and execute permissions based on the user and group ID asserted by the mounting NFSv4.1 client. So, you can define file- and folder-level permissions to users.
- Encryption: In EFS, you can define encryption for metadata and data at rest. For this, you need to enable encryption while creating the filesystem. It can be enabled using Console, CLI, and SDK.
- API calls: You can define the IAM policy for EFS access to users and API calls. The IAM policy will ...