About Amazon Elastic File System (EFS)

The Amazon Elastic File System connector documents file systems, mount targets, access points, and lifecycle settings across Regions. Iru assumes an IAM role you control (sts:AssumeRole + external ID) and never mounts shares - it only calls AWS control-plane APIs.

How it works

Prefer AmazonElasticFileSystemReadOnlyAccess, or apply the inline JSON below for tighter elasticfilesystem reads plus supporting ec2:Describe* / cloudwatch calls used when correlating network context.
Detail | Value
Category | Storage
Authentication | Cross-account IAM role

Prerequisites

  • IAM rights to create roles.
  • At least one EFS file system if you expect non-empty evidence immediately.
  • Live connector principal and external ID.

Connect AWS EFS to Iru

Copy the trust policy from Iru

1. Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
2. Turn on AWS EFS

Find AWS EFS (use Category or Search by name or description). On that card, turn on the toggle. Leave the wizard tab open.
3. Copy the trust policy JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::753695775620:role/IruConnect"
      },
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR_EXTERNAL_ID"
        }
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Create the IAM role in AWS

1. Start Create role

Open IAM > Roles > Create role.
2. Configure trusted entity

Choose AWS account > Another AWS account. Enter 753695775620 (or the ID Iru shows). Enable Require external ID and paste the external ID from Iru.
3. Attach EFS read permissions

Attach AmazonElasticFileSystemReadOnlyAccess, or attach this inline policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticfilesystem:Describe*",
        "elasticfilesystem:List*",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
4. Name the role and copy the ARN

Name the role, create it, and copy the Role ARN.
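
Before submitting the ARN, both policy documents can be linted offline. The script below is an added example, not Iru or AWS code: the function names, the read-only verb list, and the sample external ID are assumptions made for illustration, and the expected principal is the one shown in the trust policy above.

```python
import json

# From the page's trust policy; use whatever principal the Iru wizard shows you
EXPECTED_PRINCIPAL = "arn:aws:iam::753695775620:role/IruConnect"
READ_ONLY_VERBS = ("Describe", "List", "Get")  # assumption: prefixes treated as read-only

def _as_list(value):
    # IAM accepts a single string wherever a list of strings is allowed
    return value if isinstance(value, list) else [value]

def check_trust(policy):
    """Return findings for the cross-account trust policy (empty list = OK)."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if arns != [EXPECTED_PRINCIPAL]:
            findings.append(f"principal is not the Iru role: {arns}")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext_id:
            findings.append("no StringEquals sts:ExternalId condition")
        elif ext_id == "YOUR_EXTERNAL_ID":
            findings.append("external ID is still the placeholder")
        if _as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append("trust statement allows more than sts:AssumeRole")
    return findings

def check_permissions(policy):
    """Return every allowed action that is not a Describe/List/Get call."""
    return [action
            for stmt in _as_list(policy["Statement"]) if stmt.get("Effect") == "Allow"
            for action in _as_list(stmt.get("Action", []))
            if not action.partition(":")[2].startswith(READ_ONLY_VERBS)]

# Constructed sample: the page's trust policy with a made-up external ID filled in
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::753695775620:role/IruConnect"},
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-0001"}},
  "Action": "sts:AssumeRole"}]}""")
# Constructed sample: the page's inline permissions policy, cut to three actions
PERMS = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
         "Action": ["elasticfilesystem:Describe*", "cloudwatch:GetMetricStatistics",
                    "ec2:DescribeSecurityGroups"]}]}

if __name__ == "__main__":
    print("trust findings:", check_trust(TRUST))
    print("non-read-only actions:", check_permissions(PERMS))
```

An empty result from both functions means the role trusts only the expected principal, requires the external ID, and grants no write or delete actions.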

Submit the role ARN in Iru

1. Paste the IAM Role ARN

Paste the Role ARN into the connector where the wizard prompts for it.
2. Confirm the source is Active

Submit until AWS EFS shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
External ID mismatch.
File systems are Regional resources - ensure roles and assets align per Region.

Considerations

Evidence reflects API-visible configuration, not file contents.
