Enforce encryption for Amazon Elastic File System resources using AWS IAM
You can now use AWS Identity and Access Management (AWS IAM) identity-based policies to enforce encryption of data at rest for your Amazon Elastic File System (Amazon EFS) file system resources. Using an IAM condition key, you can prevent users from creating EFS file systems that aren’t encrypted. Central security administrators can also define service control policies (SCPs) inside AWS Organizations to enforce EFS encryption for all AWS accounts in their organization.
Source:: Amazon AWS