cis-aws-storage-4-1
FSX (AWS Elastic File Cache)
| Field | Value |
|---|---|
| name | cis-aws-storage-4.1 |
| description | FSX (AWS Elastic File Cache) |
| category | cis-storage-services |
| version | 1.0.0 |
| author | cyberstrike-official |
| tags | ["cis","aws","storage","fsx","file-cache","level-2"] |
| cis_id | 4.1 |
| cis_benchmark | CIS AWS Storage Services Benchmark v1.0.0 |
| tech_stack | ["aws"] |
| cwe_ids | [] |
| chains_with | ["cis-aws-storage-4.2","cis-aws-storage-4.3","cis-aws-storage-4.4"] |
| prerequisites | [] |
| severity_boost | {} |
Amazon File Cache is a fully managed, high-speed cache on AWS that is used to process file data, regardless of where that data is stored. AWS File Cache is a serverless service that spares administrators the burden of managing file servers and storage volumes, updating hardware, configuring software, running out of capacity, or tuning performance. AWS Elastic File Cache can handle hundreds of GB/s of throughput and up to millions of operations per second. AWS FSx is an excellent service for cost optimization and high scalability. Amazon File Cache automatically loads data into the cache when it is accessed for the first time and automatically releases data when it is not used.
Amazon File Cache is used as a temporary, high-performance storage location for data that is stored in on-premises file systems, AWS file systems, and Amazon S3 buckets. This service is used for data processing and is best suited for applications that need high data processing speeds. It is not a long-term storage option.
Not implementing Amazon Elastic File Cache as a high-performance caching layer can result in slower data processing times and increased latency when accessing data from primary storage systems. This may lead to reduced application performance and operational efficiency.
Amazon File Cache can be linked to various data repositories including:
Steps:
No specific CLI audit commands are provided in this control, as it is primarily informational about the FSx service capabilities.
File Cache should be properly configured and linked to authorized data repositories. The cache should transparently present S3 or NFS objects as files and directories.
To implement Amazon File Cache:
Ensure you have the necessary prerequisites:
Navigate to the Amazon FSx console
Configure File Cache to link to your data repositories
You can link a maximum of eight repositories
All linked repositories must be using the same file system (either S3 or NFS)
Amazon File Cache is compatible with:
No specific CLI remediation commands are provided as this is a configuration guidance control.
By default, Amazon File Cache is not enabled. It must be explicitly configured and linked to data repositories.
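The control gives no audit commands, so the following is an added example (not part of the CIS benchmark or this skill's own code) of how the expectations above could be checked: caches linked only to authorized repositories, at most eight links per cache, and one repository type per cache. The field names `FileCacheId` and `DataRepositoryPath` are assumed to match the FSx DescribeDataRepositoryAssociations response; the function names, sample records, and allowlist are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

MAX_LINKED_REPOSITORIES = 8  # limit stated in this control

# Constructed sample records (not real resources).
SAMPLE_ASSOCIATIONS = [
    {"FileCacheId": "fc-constructed-a", "DataRepositoryPath": "s3://research-datasets/genomics/"},
    {"FileCacheId": "fc-constructed-a", "DataRepositoryPath": "nfs://filer01.example.internal/export/scratch"},
    {"FileCacheId": "fc-constructed-b", "DataRepositoryPath": "s3://research-datasets-copy/genomics/"},
    {"FileCacheId": "fc-constructed-c", "DataRepositoryPath": "s3://research-datasets/imaging/"},
    {"FileSystemId": "fs-constructed-x", "DataRepositoryPath": "s3://unrelated-bucket/"},
]
# Constructed allowlist of repositories the organization has approved.
AUTHORIZED_PREFIXES = ["s3://research-datasets", "nfs://filer01.example.internal/export"]

def is_under(path, prefix):
    """Boundary-aware prefix match: 's3://a' must not authorize 's3://a-copy'."""
    return (path.rstrip("/") + "/").startswith(prefix.rstrip("/") + "/")

def audit_file_cache_links(associations, authorized_prefixes):
    """Return {cache_id: [finding, ...]} for caches that violate the control."""
    by_cache = defaultdict(list)
    for assoc in associations:
        cache_id = assoc.get("FileCacheId")
        if cache_id:  # associations without it belong to FSx file systems
            by_cache[cache_id].append(assoc["DataRepositoryPath"])

    findings = {}
    for cache_id, paths in by_cache.items():
        issues = []
        if len(paths) > MAX_LINKED_REPOSITORIES:
            issues.append(f"{len(paths)} linked repositories "
                          f"(maximum is {MAX_LINKED_REPOSITORIES})")
        # The URI scheme (s3 or nfs) identifies the repository type.
        types = sorted({urlparse(p).scheme for p in paths})
        if len(types) > 1:
            issues.append("mixed repository types: " + ", ".join(types))
        for p in paths:
            if not any(is_under(p, a) for a in authorized_prefixes):
                issues.append("unauthorized repository: " + p)
        if issues:
            findings[cache_id] = issues
    return findings

if __name__ == "__main__":
    result = audit_file_cache_links(SAMPLE_ASSOCIATIONS, AUTHORIZED_PREFIXES)
    for cache, issues in result.items():
        print(cache, issues)
```

In a live account, the `Associations` list returned by the boto3 FSx client's `describe_data_repository_associations` call can be passed in place of the sample records.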
| Controls Version | Control | IG 1 | IG 2 | IG 3 |
|---|---|---|---|---|
| v8 | 3.3 Configure Data Access Control Lists Configure data access control lists based on a user's need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications. | ● | ● | ● |
| v8 | 8.3 Ensure Adequate Audit Log Storage Ensure that logging destinations maintain adequate storage to comply with the enterprise's audit log management process. | ● | ● | ● |
| v7 | 13.4 Only Allow Access to Authorized Cloud Storage or Email Providers Only allow access to authorized cloud storage or email providers. | ● | ● | |
| v7 | 14.6 Protect Information through Access Control Lists Protect all information stored on systems with file system, network share, claims, application, or database specific access control lists. These controls will enforce the principle that only authorized individuals should have access to the information based on their need to access the information as a part of their responsibilities. | ● | ● | ● |
Level 2