Use Case for AWS EFS Unused File System Detector

AWS EFS Unused File System Detector

This policy identifies Amazon Elastic File System (EFS) resources that may no longer be in use. Specifically, it targets file systems without active mounts and which have been in existence for longer than a configurable number of days.

Why This Policy?

  • Cost Efficiency: Unused file systems incur unnecessary charges.
  • Resource Hygiene: Removes clutter and shrinks the attack surface. A forgotten file system still holds whatever data was written to it and carries an access configuration that nobody is reviewing.
  • Operations: Identifies resources for potential cleanup or repurposing.

How It Works

The policy evaluates EFS resources based on two variables:

  • ageThreshold: Minimum age in days, measured from the file system's creation time, before it is evaluated at all. Defaults to 30, so recently created file systems that have not yet been mounted are not flagged.
  • mountThreshold: Maximum number of mounts a file system may have and still be considered inactive. Defaults to 0, so by default only file systems with no mounts are flagged.

If a file system has existed for longer than ageThreshold days and its number of mounts is less than or equal to mountThreshold, it is reported as a policy violation. Both conditions must hold: an old file system that is mounted, or an unmounted file system younger than the threshold, is not reported. Treat a finding as a candidate for cleanup rather than a verdict: zero mounts means nothing can currently read the data, but the data still exists, so confirm with the owner (or take a backup) before deleting the file system.

Violation Types

  • EFS_UNUSED_MOUNT: Indicates a file system is potentially unused based on the lack of mounts and its age.
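The rule described under "How It Works", and the EFS_UNUSED_MOUNT violation it produces, as an added worked example. This is illustration code written for this page, not the detector's own implementation. It assumes each input record has the shape boto3's `describe_file_systems()` returns (`FileSystemId`, `CreationTime`, `NumberOfMountTargets`) and, as a further assumption, treats `NumberOfMountTargets` as the policy's "mounts". The sample records are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Violation type reported by the policy (name taken from the page).
EFS_UNUSED_MOUNT = "EFS_UNUSED_MOUNT"


@dataclass(frozen=True)
class Violation:
    file_system_id: str
    violation_type: str
    age_days: int
    mount_count: int


def evaluate_efs(file_systems, now, age_threshold=30, mount_threshold=0):
    """Apply the unused-file-system rule to a list of EFS descriptions.

    age_threshold and mount_threshold correspond to the policy's
    ageThreshold and mountThreshold variables (defaults 30 and 0).
    Each record is assumed (for this example) to carry the keys returned by
    boto3 efs.describe_file_systems(): 'FileSystemId', 'CreationTime'
    (a datetime) and 'NumberOfMountTargets'. Treating NumberOfMountTargets
    as the policy's "mounts" is an assumption of this example.

    A file system violates when it is STRICTLY older than age_threshold days
    AND its mount count is <= mount_threshold. Records are returned in input
    order so the caller can diff successive runs.
    """
    violations = []
    for fs in file_systems:
        created = fs["CreationTime"]
        # boto3 returns tz-aware datetimes; normalise naive ones to UTC so the
        # subtraction below never raises.
        if created.tzinfo is None:
            created = created.replace(tzinfo=timezone.utc)
        age_days = (now - created).days
        mounts = fs.get("NumberOfMountTargets", 0)
        if age_days > age_threshold and mounts <= mount_threshold:
            violations.append(
                Violation(fs["FileSystemId"], EFS_UNUSED_MOUNT, age_days, mounts)
            )
    return violations


# Constructed sample input: a fixed "now" and four file systems that exercise
# each branch of the rule, including the boundary (exactly ageThreshold days).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FILE_SYSTEMS = [
    # old and never mounted -> violation
    {"FileSystemId": "fs-0a1b2c3d", "CreationTime": NOW - timedelta(days=120),
     "NumberOfMountTargets": 0},
    # old but mounted -> compliant
    {"FileSystemId": "fs-1b2c3d4e", "CreationTime": NOW - timedelta(days=120),
     "NumberOfMountTargets": 2},
    # unmounted but only 5 days old -> compliant (below ageThreshold)
    {"FileSystemId": "fs-2c3d4e5f", "CreationTime": NOW - timedelta(days=5),
     "NumberOfMountTargets": 0},
    # unmounted and exactly 30 days old -> compliant ("longer than" is strict)
    {"FileSystemId": "fs-3d4e5f6a", "CreationTime": NOW - timedelta(days=30),
     "NumberOfMountTargets": 0},
]


if __name__ == "__main__":
    for v in evaluate_efs(SAMPLE_FILE_SYSTEMS, NOW):
        print(f"{v.violation_type}: {v.file_system_id} "
              f"(age {v.age_days} d, mounts {v.mount_count})")
```

Against live data, the list of records would come from `boto3.client("efs").describe_file_systems()["FileSystems"]` (paginated) and `now` from `datetime.now(timezone.utc)`; the evaluation itself is unchanged. Lowering `age_threshold` or raising `mount_threshold` widens the set of findings exactly as the two variables above describe.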