I am looking to securing an EFS file system against unauthorised access. This article states that:
When evaluating whether a file system allows public access, Amazon EFS assumes that the file system policy is public. It then evaluates the file system policy to determine if it qualifies as non-public.
Are Security Groups on EFS mount targets the first line of defence against unauthorised access with file system policies providing a means for more granular access? I am unclear how these concepts work together for securing an EFS file system.