
[Bug]: efs_not_publicly_accessible does not consider recommended AWS condition. #3865

Closed
lucasaboud0 opened this issue Apr 26, 2024 · 3 comments · Fixed by #3872
Labels
bug provider/aws Issues/PRs related with the AWS provider severity/low Bug won't result in any noticeable breakdown of the execution.

Comments


lucasaboud0 commented Apr 26, 2024

Steps to Reproduce

Just run:
prowler -c efs_not_publicly_accessible -M json -F **** -R arn:aws:iam::****:role/**** -f us-east-1

Expected behaviour

Maybe set PASS to these issues.

Actual Result with Screenshots or Logs

{
  "AssessmentStartTime": "2024-04-26T16:24:14.909086",
  "FindingUniqueId": "prowler-aws-efs_not_publicly_accessible-****-us-east-1-fs-****",
  "Provider": "aws",
  "CheckID": "efs_not_publicly_accessible",
  "CheckTitle": "Check if EFS have policies which allow access to everyone",
  "CheckType": [
    "Protect",
    "Data protection"
  ],
  "ServiceName": "efs",
  "SubServiceName": "",
  "Status": "FAIL",
  "StatusExtended": "EFS fs-**** has a policy which allows access to everyone.",
  "Severity": "critical",
  "ResourceType": "AwsEFSFileSystem",
  "ResourceDetails": "",
  "Description": "Check if EFS have policies which allow access to everyone",
  "Risk": "EFS accessible to everyone could expose sensitive data to bad actors",
  "RelatedUrl": "",
  "Remediation": {
    "Code": {
      "NativeIaC": "",
      "Terraform": "",
      "CLI": "",
      "Other": ""
    },
    "Recommendation": {
      "Text": "Ensure efs has some policy but it does not have principle as *",
      "Url": "https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html"
    }
  },
  "Compliance": {
    "MITRE-ATTACK": [
      "T1530"
    ],
    "AWS-Well-Architected-Framework-Security-Pillar": [
      "SEC03-BP07"
    ]
  },
  "Categories": [],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "",
  "Profile": null,
  "AccountId": "****",
  "OrganizationsInfo": null,
  "Region": "us-east-1",
  "ResourceId": "****",
  "ResourceArn": "arn:aws:elasticfilesystem:us-east-1:****:file-system/fs-****",
  "ResourceTags": {
    "ManagedByAmazonSageMakerResource": "arn:aws:sagemaker:us-east-1:****:domain/d-****"
  }
}

How did you install Prowler?

Cloning the repository from github.com (git clone)

Environment Resource

EFS

OS used

Mac

Prowler version

3.15.0

Pip version

23.2.1

Context

Hello everyone,

I recently came across the alert "efs_not_publicly_accessible" on AWS. I followed the recommendations provided by AWS (https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html), but Prowler still identifies it as an issue.

I reached out to Amazon to confirm if the solution presented in the documentation is sufficient, and they confirmed that it is.

Could you please check the possibility of making an exception when the condition "elasticfilesystem:AccessedViaMountTarget": "true" is present?

@lucasaboud0 lucasaboud0 added bug status/needs-triage Issue pending triage labels Apr 26, 2024
@jfagoagas jfagoagas added the provider/aws Issues/PRs related with the AWS provider label Apr 29, 2024
@jfagoagas (Member)

Hi @lucasaboud0, we will take a look at this as soon as possible. Thanks for using Prowler 🚀

Note for reviewers: Implement the following conditions https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html#what-is-a-public-policy
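As an added illustration of the distinction this thread turns on (not Prowler's own check code): a statement with a wildcard principal is treated as public unless a restricting condition is present. The elasticfilesystem:AccessedViaMountTarget key comes from the thread; the aws:* keys are assumed from the linked AWS guidance, and the sample policy, account id and file-system id are constructed.

```python
import json

# Condition keys that keep a wildcard-principal statement from being public.
# elasticfilesystem:AccessedViaMountTarget is the one raised in this thread;
# the aws:* keys are assumed from the linked AWS guidance (verify them there).
RESTRICTING_KEYS = {"aws:sourcevpc", "aws:sourcevpce", "aws:sourcearn",
                    "aws:sourceaccount", "aws:principalorgid", "aws:sourceip"}

def _wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def _restricted(condition: dict) -> bool:
    """True if some condition key limits who can reach the file system."""
    for keys in condition.values():  # e.g. {"Bool": {...}, "StringEquals": {...}}
        for key, value in keys.items():
            values = [str(v).lower() for v in (value if isinstance(value, list) else [value])]
            if key.lower() == "elasticfilesystem:accessedviamounttarget" and "true" in values:
                return True  # reachable only through mount targets inside the VPC
            if key.lower() in RESTRICTING_KEYS:
                return True
    return False

def is_public(policy) -> bool:
    """True if any Allow statement grants a wildcard principal with no restricting condition."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    statements = statements if isinstance(statements, list) else [statements]
    return any(s.get("Effect") == "Allow"
               and _wildcard_principal(s.get("Principal"))
               and not _restricted(s.get("Condition") or {})
               for s in statements)

# Constructed sample: the AWS-recommended shape the reporter applied, which should PASS.
MOUNT_TARGET_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
    "Resource": "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/fs-EXAMPLE",
    "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}}]}

if __name__ == "__main__":
    print("public" if is_public(MOUNT_TARGET_ONLY) else "not public")  # not public
```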

@sergargar sergargar self-assigned this Apr 29, 2024
@sergargar sergargar added severity/low Bug won't result in any noticeable breakdown of the execution. and removed status/needs-triage Issue pending triage labels Apr 29, 2024
@sergargar sergargar linked a pull request Apr 29, 2024 that will close this issue
@sergargar (Member)

Hey @lucasaboud0, I have done a PR to cover all possible cases including the one that you mentioned. Let me know if it works for you!

@lucasaboud0 (Author)

Yeah! It works well.

[Screenshot 2024-04-29 at 14:28:23]
