# AWS - EFS Post Exploitation

{{#include ../../../banners/hacktricks-training.md}}

## EFS

For more information check:

{{#ref}}
../aws-services/aws-efs-enum.md
{{#endref}}

### `elasticfilesystem:DeleteMountTarget`

An attacker could delete a mount target, potentially disrupting access to the EFS file system for applications and users relying on that mount target.

```sql
aws efs delete-mount-target --mount-target-id <value>
```

**Potential Impact**: Disruption of file system access and potential data loss for users or applications.

### `elasticfilesystem:DeleteFileSystem`

An attacker could delete an entire EFS file system, which could lead to data loss and impact applications relying on the file system.

```perl
aws efs delete-file-system --file-system-id <value>
```

**Potential Impact**: Data loss and service disruption for applications using the deleted file system.

### `elasticfilesystem:UpdateFileSystem`

An attacker could update the EFS file system properties, such as throughput mode, to impact its performance or cause resource exhaustion.

```sql
aws efs update-file-system --file-system-id <value> --provisioned-throughput-in-mibps <value>
```

**Potential Impact**: Degradation of file system performance or resource exhaustion.

### `elasticfilesystem:CreateAccessPoint` and `elasticfilesystem:DeleteAccessPoint`

An attacker could create or delete access points, altering access control and potentially granting themselves unauthorized access to the file system.

```arduino
aws efs create-access-point --file-system-id <value> --posix-user <value> --root-directory <value>
aws efs delete-access-point --access-point-id <value>
```

**Potential Impact**: Unauthorized access to the file system, data exposure or modification.

{{#include ../../../banners/hacktricks-training.md}}