Checks/Aws/Test-EfsNotPubliclyAccessible.ps1
function Test-EfsNotPubliclyAccessible {
    <#
    .SYNOPSIS
    EFS file system policy does not allow access to any client within the VPC

    .DESCRIPTION
    **Amazon EFS** file system policy is assessed for **public or VPC-wide access**. Policies with broad `Principal` values or that permit any client in the VPC without the `elasticfilesystem:AccessedViaMountTarget` condition are identified.

    *An absent or empty policy is treated as open to VPC clients.*

    .PARAMETER Check
    CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: efs_not_publicly_accessible

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check efs_not_publicly_accessible for reference.', 'N/A', 'efs Resources')
}
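
The policy evaluation that the description above calls for could look like the following. This is an added example, not code from this module or from Prowler: `Test-EfsPolicyDocument` and the sample policies are hypothetical, and only a literal `*` principal is treated as broad.

```powershell
# Added example: evaluates one EFS file system policy document (JSON text).
# Test-EfsPolicyDocument is a hypothetical helper, not a CIEM or Prowler function.
# Assumes Set-StrictMode is off, so missing JSON properties read as $null.
function Test-EfsPolicyDocument {
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param(
        [string]$PolicyJson
    )

    # An absent or empty policy is treated as open to VPC clients.
    if ([string]::IsNullOrWhiteSpace($PolicyJson)) {
        return [PSCustomObject]@{ Status = 'FAIL'; Reason = 'No file system policy attached' }
    }

    $doc = $PolicyJson | ConvertFrom-Json
    # Statement may be a single object or an array; drop nulls.
    $statements = @($doc.Statement | Where-Object { $_ })
    if ($statements.Count -eq 0) {
        return [PSCustomObject]@{ Status = 'FAIL'; Reason = 'Policy has no statements' }
    }

    foreach ($s in $statements) {
        if ($s.Effect -ne 'Allow') { continue }

        # Principal is "*" or an object such as { "AWS": "*" } / { "AWS": ["*", ...] }.
        $aws = if ($s.Principal -is [string]) { $s.Principal } else { $s.Principal.AWS }
        $broad = @($aws) -contains '*'

        # The Bool condition value may arrive as the string "true" or a JSON boolean.
        $viaMountTarget = "$($s.Condition.Bool.'elasticfilesystem:AccessedViaMountTarget')" -eq 'true'

        if ($broad -and -not $viaMountTarget) {
            return [PSCustomObject]@{ Status = 'FAIL'; Reason = "Statement '$($s.Sid)' allows any principal without AccessedViaMountTarget" }
        }
    }
    [PSCustomObject]@{ Status = 'PASS'; Reason = 'No broad Allow statement without AccessedViaMountTarget' }
}

# Constructed sample policies (not taken from a real account).
$open = '{"Statement":[{"Sid":"AnyClient","Effect":"Allow","Principal":{"AWS":"*"},"Action":"elasticfilesystem:ClientMount"}]}'
$scoped = '{"Statement":[{"Sid":"MountTargetOnly","Effect":"Allow","Principal":{"AWS":"*"},"Action":"elasticfilesystem:ClientMount","Condition":{"Bool":{"elasticfilesystem:AccessedViaMountTarget":"true"}}}]}'
$null, $open, $scoped | ForEach-Object { Test-EfsPolicyDocument -PolicyJson $_ }
```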