This control checks whether Amazon EFS access points are configured to enforce a user identity. This control fails if a POSIX user identity is not defined while creating the EFS access point.
Risk
Without enforcing a user identity, access to the file system can become less controlled, leading to potential unauthorized access or modifications.
Run this check with Prowler CLI
prowler aws --checks efs_access_point_enforce_user_identity
ARN template
arn:aws:elasticfilesystem:{region}:{account-id}:access-point/{access-point-id}
Remediation
Create or update the EFS access point to enforce a user identity using POSIX attributes for Uid and Gid:
aws efs create-access-point --file-system-id <file-system-id> --posix-user Uid=<uid>,Gid=<gid>
References
https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-4
Resource Type
AwsEfsAccessPoint
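The following is an added example of the check logic described above, written here for illustration and not taken from Prowler's own source. It applies the pass/fail rule (an access point passes only when its PosixUser defines both Uid and Gid) to the JSON shape returned by `aws efs describe-access-points`, and builds ARNs from the template on this page. The sample response, the region `us-east-1`, the account id and the `fsap-`/`fs-` ids are constructed placeholders; `describe_all_access_points` assumes a boto3 EFS client and is only needed for a live run.

```python
"""Check EFS access points for an enforced POSIX user identity.

Added example, not Prowler's check implementation. The sample response
below is constructed; REGION, ACCOUNT_ID and all resource ids are
placeholders.
"""
from __future__ import annotations

from typing import Any

REGION = "us-east-1"          # assumed region for the constructed ARNs
ACCOUNT_ID = "123456789012"   # placeholder account id


def access_point_arn(access_point_id: str) -> str:
    """Build an ARN following the page's template."""
    return f"arn:aws:elasticfilesystem:{REGION}:{ACCOUNT_ID}:access-point/{access_point_id}"


# Constructed sample in the shape of a describe-access-points response.
SAMPLE_RESPONSE: dict[str, Any] = {
    "AccessPoints": [
        {   # enforces a user identity: Uid and Gid both set
            "AccessPointId": "fsap-aaaaaaaaaaaaaaaaa",
            "AccessPointArn": access_point_arn("fsap-aaaaaaaaaaaaaaaaa"),
            "FileSystemId": "fs-01234567",
            "PosixUser": {"Uid": 1000, "Gid": 1000, "SecondaryGids": []},
            "LifeCycleState": "available",
        },
        {   # no PosixUser: NFS clients keep whatever identity they present
            "AccessPointId": "fsap-bbbbbbbbbbbbbbbbb",
            "AccessPointArn": access_point_arn("fsap-bbbbbbbbbbbbbbbbb"),
            "FileSystemId": "fs-01234567",
            "LifeCycleState": "available",
        },
        {   # incomplete: Uid without Gid, so the identity is not fully enforced
            "AccessPointId": "fsap-ccccccccccccccccc",
            "AccessPointArn": access_point_arn("fsap-ccccccccccccccccc"),
            "FileSystemId": "fs-01234567",
            "PosixUser": {"Uid": 1000},
            "LifeCycleState": "available",
        },
    ]
}


def enforces_user_identity(access_point: dict[str, Any]) -> bool:
    """True only when PosixUser carries an integer Uid and Gid."""
    posix_user = access_point.get("PosixUser")
    if not isinstance(posix_user, dict):
        return False
    # bool is excluded explicitly because it subclasses int in Python.
    return all(
        isinstance(posix_user.get(key), int) and not isinstance(posix_user.get(key), bool)
        for key in ("Uid", "Gid")
    )


def evaluate(response: dict[str, Any]) -> list[dict[str, str]]:
    """Produce one PASS/FAIL finding per access point in the response."""
    findings: list[dict[str, str]] = []
    for ap in response.get("AccessPoints", []):
        passed = enforces_user_identity(ap)
        ap_id = ap.get("AccessPointId", "")
        findings.append({
            "resource_id": ap_id,
            "resource_arn": ap.get("AccessPointArn", ""),
            "status": "PASS" if passed else "FAIL",
            "status_extended": (
                f"EFS access point {ap_id} enforces a user identity."
                if passed
                else f"EFS access point {ap_id} does not enforce a user identity."
            ),
        })
    return findings


def status_by_id(response: dict[str, Any]) -> dict[str, str]:
    """Convenience view: access point id -> PASS/FAIL."""
    return {f["resource_id"]: f["status"] for f in evaluate(response)}


def describe_all_access_points(client: Any) -> dict[str, Any]:
    """Follow NextToken across every page of describe_access_points.

    `client` is assumed to be a boto3 EFS client; this is only used for a
    live run and is never called by the offline sample.
    """
    points: list[dict[str, Any]] = []
    kwargs: dict[str, Any] = {}
    while True:
        page = client.describe_access_points(**kwargs)
        points.extend(page.get("AccessPoints", []))
        token = page.get("NextToken")
        if not token:
            return {"AccessPoints": points}
        kwargs = {"NextToken": token}


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_RESPONSE):
        print(finding["status"], finding["resource_arn"], finding["status_extended"])
```

Run as-is to evaluate the constructed sample (one PASS, two FAIL). For a live account, build `boto3.client("efs", region_name=REGION)` and pass `describe_all_access_points(client)` to `evaluate`; the third sample entry shows why the check tests for both Uid and Gid rather than for the mere presence of a PosixUser key.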