Encrypting data in transit - Amazon Elastic File System

Encrypting data in transit

Enabling encryption of data in transit for your Amazon EFS file system is done by enabling Transport Layer Security (TLS) when you mount your file system using the Amazon EFS mount helper. For more information, see Using the EFS mount helper to mount EFS file systems.

When encryption of data in transit is declared as a mount option for your Amazon EFS file system, the mount helper initializes a client stunnel process. Stunnel is an open source multipurpose network relay. The client stunnel process listens on a local port for inbound traffic, and the mount helper redirects Network File System (NFS) client traffic to this local port. The mount helper uses TLS version 1.2 to communicate with your file system.

To mount your Amazon EFS file system with the mount helper with encryption of data in transit enabled
  1. Access the terminal for your instance through Secure Shell (SSH), and log in with the appropriate user name. For more information on how to do this, see Connect to your Linux instance from Linux or macOS using SSH.

  2. Run the following command to mount your file system.

    sudo mount -t efs -o tls fs-12345678:/ /mnt/efs