Amazon EFS file systems are assessed for multi-AZ resilience: Regional type (no availability_zone_id) with mount targets in more than one Availability Zone. Single-AZ (One Zone) or Regional with only one mount target is identified for attention.
Risk
Concentrating access through a single AZ or a lone mount target reduces availability. An AZ outage can sever client connectivity, causing downtime and I/O errors. A single mount target also forces cross-AZ traffic, increasing latency and costs and undermining resilience and seamless failover.
prowler aws --checks efs_multi_az_enabled
Recommendation
Use Regional EFS and create mount targets in each required Availability Zone to remove single points of failure and keep clients local to their AZ. Avoid One Zone for critical data. Periodically review mount target distribution to uphold high availability and fault tolerance.
Remediation
aws efs create-mount-target --file-system-id <FILE_SYSTEM_ID> --subnet-id <SUBNET_ID>
- In AWS Console, go to EFS > File systems > select your file system
- If File system type shows Regional: open the Network tab > Mount targets > Manage mount targets > Add mount target
- Select a subnet in a different Availability Zone and save
- If File system type shows One Zone: create a new EFS with File system type = Regional and create mount targets in at least two AZs; remount clients to the new file system and decommission the old one
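To confirm the remediation took effect, the check's logic can be applied directly to EFS API responses. The following is an added example, not Prowler's own code: it evaluates dicts shaped like boto3's describe_file_systems()/describe_mount_targets() results (the sample data and IDs below are constructed placeholders, and the finding field names mirror Prowler's output by assumption).

```python
"""Re-implements the efs_multi_az_enabled logic over EFS API responses.

Added example, not Prowler's own code. Inputs follow the shape of boto3's
describe_file_systems()/describe_mount_targets() results; all sample data
is constructed with placeholder IDs.
"""
from collections import defaultdict
from typing import Dict, List


def assess_file_system(fs: Dict, mount_targets: List[Dict]) -> Dict:
    """Return a PASS/FAIL finding for one file system and its mount targets."""
    fs_id = fs["FileSystemId"]
    # One Zone file systems carry AvailabilityZoneId; Regional ones omit it.
    one_zone_az = fs.get("AvailabilityZoneId")
    azs = sorted({mt["AvailabilityZoneId"] for mt in mount_targets})
    if one_zone_az:
        status, detail = "FAIL", f"{fs_id} is One Zone in {one_zone_az}; an AZ outage removes all access."
    elif len(azs) > 1:
        status, detail = "PASS", f"{fs_id} is Regional with mount targets in {len(azs)} AZs: {azs}."
    else:
        status, detail = "FAIL", f"{fs_id} is Regional but has mount targets in only {len(azs)} AZ: {azs}."
    return {"resource_id": fs_id, "status": status, "status_extended": detail, "azs": azs}


def run_check(file_systems: List[Dict], mount_targets: List[Dict]) -> List[Dict]:
    """Group mount targets by file system and assess each file system."""
    by_fs = defaultdict(list)
    for mt in mount_targets:
        by_fs[mt["FileSystemId"]].append(mt)
    return [assess_file_system(fs, by_fs.get(fs["FileSystemId"], [])) for fs in file_systems]


# Constructed sample data (placeholder IDs, not from any real account).
SAMPLE_FILE_SYSTEMS = [
    {"FileSystemId": "fs-regional-ok"},                                  # Regional, two AZs
    {"FileSystemId": "fs-regional-single"},                              # Regional, one AZ
    {"FileSystemId": "fs-one-zone", "AvailabilityZoneId": "use1-az1"},  # One Zone
]
SAMPLE_MOUNT_TARGETS = [
    {"FileSystemId": "fs-regional-ok", "MountTargetId": "fsmt-1", "AvailabilityZoneId": "use1-az1"},
    {"FileSystemId": "fs-regional-ok", "MountTargetId": "fsmt-2", "AvailabilityZoneId": "use1-az2"},
    {"FileSystemId": "fs-regional-single", "MountTargetId": "fsmt-3", "AvailabilityZoneId": "use1-az1"},
    {"FileSystemId": "fs-one-zone", "MountTargetId": "fsmt-4", "AvailabilityZoneId": "use1-az1"},
]

if __name__ == "__main__":
    for finding in run_check(SAMPLE_FILE_SYSTEMS, SAMPLE_MOUNT_TARGETS):
        print(finding["status"], finding["status_extended"])
```

A Regional file system with no mount targets at all is also reported as FAIL, since clients in no AZ can reach it.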
Source Code
Resource Type
AwsEfsFileSystem