Detecting Unencrypted File Systems
Your organization may have a requirement to identify Amazon EFS resources that are not encrypted. You can detect unencrypted file systems by using AWS Config Managed Rules. AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices and flag the resources failing the rules as NON_COMPLIANT.
You can use the AWS Managed Config rule efs-encrypted-check to check whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS). For more information about setting up and activating the AWS Managed Rules, see Working with AWS Config Managed Rules.
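The following Python sketch is an added example, not code from AWS. It builds the rule definition that the AWS Config PutConfigRule API expects for efs-encrypted-check and runs a local approximation of the same check over DescribeFileSystems-shaped records. It assumes the rule's optional KmsKeyId parameter; the function names, sample file system IDs and key ARN are constructed placeholders.

```python
import json

RULE_NAME = "efs-encrypted-check"

def managed_rule_definition(kms_key_id=None):
    """Build the ConfigRule argument for AWS Config's PutConfigRule API."""
    rule = {
        "ConfigRuleName": RULE_NAME,
        "Source": {"Owner": "AWS", "SourceIdentifier": "EFS_ENCRYPTED_CHECK"},
        "Scope": {"ComplianceResourceTypes": ["AWS::EFS::FileSystem"]},
    }
    if kms_key_id:
        # Optional rule parameter: also require this specific KMS key.
        rule["InputParameters"] = json.dumps({"KmsKeyId": kms_key_id})
    return rule

def evaluate(file_systems, kms_key_id=None):
    """Local approximation of the rule over DescribeFileSystems records."""
    results = {}
    for fs in file_systems:
        ok = fs.get("Encrypted") is True  # a missing flag counts as unencrypted
        if ok and kms_key_id:
            ok = fs.get("KmsKeyId") == kms_key_id
        results[fs["FileSystemId"]] = "COMPLIANT" if ok else "NON_COMPLIANT"
    return results

def deploy_rule(kms_key_id=None):
    """Create or update the rule. Needs boto3, credentials and an active
    AWS Config recorder in the target Region."""
    import boto3  # imported lazily so the offline check runs without it
    boto3.client("config").put_config_rule(
        ConfigRule=managed_rule_definition(kms_key_id))

# Constructed sample data shaped like a DescribeFileSystems response.
SAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_FILE_SYSTEMS = [
    {"FileSystemId": "fs-0aaa1111", "Encrypted": True, "KmsKeyId": SAMPLE_KEY},
    {"FileSystemId": "fs-0bbb2222", "Encrypted": False},
    {"FileSystemId": "fs-0ccc3333", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/OTHER-KEY-ID"},
]

if __name__ == "__main__":
    for fs_id, status in evaluate(SAMPLE_FILE_SYSTEMS, SAMPLE_KEY).items():
        print(fs_id, status)
```

Once the rule is deployed, AWS Config remains the source of truth for compliance status; the local check is only useful for a quick inventory pass before the rule is active.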