Skip to main content

aws_efs_file_systems resource

[edit on GitHub]

Use the aws_efs_file_systems InSpec audit resource to test the properties of some or all AWS EFS file systems. To audit a single EFS file system, use aws_efs_file_ststem (singular).

This resource is added to InSpec AWS resource pack in version 1.10.0 and it is available with InSpec 4.18.108 and later versions.


An aws_efs_file_systems resource block collects a group of EFS file system descriptions and then tests that group.

describe aws_efs_file_systems
  it { should exist }


This resource does not expect any parameters.


Property Description
tags The list of tags that the EFS file system has.
names The value of the Name (case sensitive) tag if it is defined.
file_system_ids The ID of the EFS file system.
creation_tokens The creation token that the EFS file system is associated.
owner_ids The owner id of the EFS file system.
entries Provides access to the raw results of the query, which can be treated as an array of hashes.
creation_times The creation time of the EFS file system
performance_modes The performance mode of the EFS file system, e.g. ‘maxIO’.
encryption_status This indicates whether the EFS file system is encrypted or not.
throughput_modes The throughput mode of the EFS file system.
kms_key_ids The ID of an AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the encrypted EFS file system.
size_in_bytes The latest known metered size (in bytes) of data stored in the file system, in its value field.
life_cycle_states The life cycle phase of the EFS file system, e.g. ‘deleting’.


Ensure you have exactly 3 file systems

describe aws_efs_file_systems do
  its("entries.count") { should cmp 3 }

Use this InSpec resource to request the IDs of all EFS file systems, then test in-depth using aws_efs_file_system.

aws_efs_file_systems.file_system_ids.each do |file_system_id|
  describe aws_efs_file_system(file_system_id) do
    its("tags") { should include("companyName" => "My Company Name") }
    it { should be_encrypted }
    its("throughput_mode") { should eq "bursting" }
    its("performance_mode") { should eq "generalPurpose" }


For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_efs_file_systems.where( <property>: <value>) do
  it { should exist }

describe aws_efs_file_systems.where( <property>: <value>) do
  it { should_not exist }

AWS Permissions

Your Principal will need the elasticfilesystem:DescribeFileSystems action set to allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.

Was this page helpful?


Search Results