Steps to Reproduce
Just run:
prowler -c efs_not_publicly_accessible -M json -F **** -R arn:aws:iam::****:role/**** -f us-east-1
Expected behaviour
Maybe set PASS for this issue.
Actual Result with Screenshots or Logs
{
  "AssessmentStartTime": "2024-04-26T16:24:14.909086",
  "FindingUniqueId": "prowler-aws-efs_not_publicly_accessible-****-us-east-1-fs-****",
  "Provider": "aws",
  "CheckID": "efs_not_publicly_accessible",
  "CheckTitle": "Check if EFS have policies which allow access to everyone",
  "CheckType": ["Protect", "Data protection"],
  "ServiceName": "efs",
  "SubServiceName": "",
  "Status": "FAIL",
  "StatusExtended": "EFS fs-**** has a policy which allows access to everyone.",
  "Severity": "critical",
  "ResourceType": "AwsEFSFileSystem",
  "ResourceDetails": "",
  "Description": "Check if EFS have policies which allow access to everyone",
  "Risk": "EFS accessible to everyone could expose sensitive data to bad actors",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {"NativeIaC": "", "Terraform": "", "CLI": "", "Other": ""},
    "Recommendation": {
      "Text": "Ensure efs has some policy but it does not have principle as *",
      "Url": "https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html"
    }
  },
  "Compliance": {
    "MITRE-ATTACK": ["T1530"],
    "AWS-Well-Architected-Framework-Security-Pillar": ["SEC03-BP07"]
  },
  "Categories": [],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "",
  "Profile": null,
  "AccountId": "****",
  "OrganizationsInfo": null,
  "Region": "us-east-1",
  "ResourceId": "****",
  "ResourceArn": "arn:aws:elasticfilesystem:us-east-1:****:file-system/fs-****",
  "ResourceTags": {
    "ManagedByAmazonSageMakerResource": "arn:aws:sagemaker:us-east-1:****:domain/d-****"
  }
}
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
EFS
OS used
Mac
Prowler version
3.15.0
Pip version
23.2.1
Context
Hello everyone,
I recently came across the alert "efs_not_publicly_accessible" on AWS. I followed the recommendations provided by AWS (https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html), but Prowler still identifies it as an issue.
I reached out to Amazon to confirm if the solution presented in the documentation is sufficient, and they confirmed that it is.
Could you please check the possibility of making an exception when the condition "elasticfilesystem:AccessedViaMountTarget": "true" is present?
Hi @lucasaboud0, we will take a look at this as soon as possible. Thanks for using Prowler 🚀
Note for reviewers: Implement the following conditions https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html#what-is-a-public-policy
Hey @lucasaboud0, I have done a PR to cover all possible cases, including the one that you mentioned. Let me know if it works for you!
Yeah! It works well.
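The exception requested in this issue, sketched as an added example (this is not Prowler's code and not the merged PR): an Allow statement with a wildcard principal is reported only when it lacks a Bool condition pinning elasticfilesystem:AccessedViaMountTarget to true. It handles only the condition named in the issue, not the other conditions on the linked AWS page; the function names and sample policies are constructed for illustration.

```python
import json

# Condition key named in the issue; IAM condition keys are case-insensitive.
MOUNT_TARGET_KEY = "elasticfilesystem:accessedviamounttarget"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    # Matches "Principal": "*" and forms such as {"AWS": "*"} or {"AWS": ["*"]}.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _requires_mount_target(condition):
    # True only for a Bool condition pinning AccessedViaMountTarget to true.
    for operator, keys in (condition or {}).items():
        if operator.lower() != "bool":
            continue
        for key, value in keys.items():
            values = [str(v).lower() for v in _as_list(value)]
            if key.lower() == MOUNT_TARGET_KEY and values and set(values) == {"true"}:
                return True
    return False

def public_statements(policy):
    """Return the Sids of Allow statements open to any principal with no mount-target restriction."""
    policy = json.loads(policy) if isinstance(policy, str) else policy
    open_sids = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow"
                and _wildcard_principal(stmt.get("Principal"))
                and not _requires_mount_target(stmt.get("Condition"))):
            open_sids.append(stmt.get("Sid", f"Statement[{i}]"))
    return open_sids

# Constructed sample policies (not taken from the reporter's account).
def _policy(sid, condition=None):
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

RESTRICTED = _policy("MountTargetOnly", {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}})
OPEN = _policy("OpenToAll")
NEGATED = _policy("NotViaMountTarget", {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "false"}})

if __name__ == "__main__":
    for name, pol in (("RESTRICTED", RESTRICTED), ("OPEN", OPEN), ("NEGATED", NEGATED)):
        print(name, "FAIL" if public_statements(pol) else "PASS", public_statements(pol))
```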