fix: modify efs policy to enforce encryption in-transit

Lenox Hsu · Lenox Hsu · commit b2a5b3e16f2f · 2024-12-05T17:32:07.000-05:00
diff --git a/recipes/storage/efs_simple/assets/main.yaml b/recipes/storage/efs_simple/assets/main.yaml
@@ -80,6 +80,14 @@ Resources:
             Condition:
               Bool:
                 'elasticfilesystem:AccessedViaMountTarget': 'true'
+          - Sid: efs-enforce-tls
+            Effect: Deny
+            Principal:
+              AWS: '*'
+            Action: '*'
+            Condition:
+              Bool:
+                'aws:SecureTransport': 'false'
       BackupPolicy: 
         Status: !Ref AutomaticBackups
       Encrypted: true
