Improving Ensure EFS is configured to encrypt file data using KMS

Signed-off-by: Hossein Rouhani <h_rouhani@hotmail.com>
mondoohq · mm-weber · Apr 21, 2024 · Apr 17, 2024 · Apr 17, 2024 · Apr 17, 2024
commit 51b382d6adb323b0b76959228eba6361b2c37fc6
diff --git a/core/mondoo-aws-security.mql.yaml b/core/mondoo-aws-security.mql.yaml
@@ -1945,7 +1945,7 @@
        .where(publiclyAccessible != false)
        .none(securityGroups.where(
          vpc.routeTables.where(
            routes.any(GatewayId == /igw-/ && DestinationCidrBlock == "0.0.0.0/0")
          )
        )
      )
@@ -1956,7 +1956,7 @@
      aws.rds.dbinstance.publiclyAccessible == false
      aws.rds.dbinstance.securityGroups.none(
        vpc.routeTables.where(
          routes.any(GatewayId == /igw-/ && DestinationCidrBlock == "0.0.0.0/0")
        )
      )
  - uid: mondoo-aws-security-rds-instance-public-access-check
@@ -2232,9 +2232,8 @@
     filters: |
       asset.platform == "aws-efs-filesystem"
     mql: |
-      aws.efs.filesystems
-        .where(id == asset.name)
-        .all(encrypted == true && kmsKey != null)
+      aws.efs.filesystems.all(encrypted == true)
+      aws.efs.filesystems.all(kmsKey != empty)
     docs:
       desc: |
         Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest. This check ensures that all EFS file systems are configured with encryption at rest across all enabled regions in the account.