AWS CIS v3.0.0 - Section 2 - Storage

Policy Setting: AWS > EFS > Mount Target > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "aws_efs_mount_target_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/aws-efs#/policy/types/mountTargetApprovedCustom"
  note           = "AWS CIS v3.0.0 - Control: 2.4.1"

  # GraphQL input: read the Encrypted attribute of the mount target's parent file system.
  template_input = <<-EOT
    {
      mountTarget {
        parent {
          encrypted: get(path:"Encrypted")
        }
      }
    }
  EOT

  # Nunjucks template: the result is "Approved" only when the parent file system is encrypted.
  template       = <<-EOT
    title: "EFS Filesystem Encryption"
    {%- if $.mountTarget.parent.encrypted -%}
      {%- set data = {
          "title": "EFS Filesystem Encryption",
          "result": "Approved",
          "message": "Filesystem is encrypted"
      } -%}
    {%- else -%}
      {%- set data = {
          "title": "EFS Filesystem Encryption",
          "result": "Not approved",
          "message": "Filesystem is not encrypted"
      } -%}
    {%- endif -%}
    {{ data | json }}
  EOT
}