Enable encryption of your EFS file systems in order to protect your data and metadata from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.
You can enable encryption of data at rest when creating an Amazon EFS file system. 1. Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/.
2. Choose Create file system to open the file system creation wizard.
2a. For Step 1: Configure file system access, choose your VPC, create your mount targets, and then choose Next Step.
2b. For Step 2: Configure optional settings, add any tags, choose your performance mode, check the box to encrypt your file system, and then choose Next Step.
2c. For Step 3: Review and create, review your settings, and choose Create File System.
3. Check Enable encryption checkbox and choose the name of the AWS Key from Select KMS master key dropdown list to enable encryption using your own KMS CMK key.
4. The following guidance provides you instructions on how to enable At-Rest encryption for your Amazon EFS:https://docs.aws.amazon.com/efs/latest/ug/encryption.html