Creating an Encrypted File System Using the AWS CLI - Encrypting File Data with Amazon Elastic File System

Creating an Encrypted File System Using the AWS CLI

When you use the AWS CLI to create an encrypted file system, you can use additional parameters to set the encryption status and customer managed CMK. Be sure you are using the latest version of the AWS CLI. For information about how to upgrade your AWS CLI, see Installing, Updating, and Uninstalling the AWS CLI in the AWS Command Line Interface User Guide.

In the CreateFileSystem operation, the --encrypted parameter is a Boolean and is required for creating encrypted file systems. The --kms-key-id is required only when you use a customer managed CMK and you include the key’s alias or ARN. Do not include this parameter if you’re using the AWS managed CMK.

$ aws efs create-file-system \ --creation-token $(uuidgen) \ --performance-mode generalPurpose \ --encrypted \ --kms-key-id user/customer-managedCMKalias

For more information about creating Amazon EFS file systems using the AWS Management Console, AWS CLI, AWS SDKs, or Amazon EFS API, see What is Amazon Elastic File System Amazon EFS User Guide.