diff --git a/ecs.tf b/ecs.tf
index 40fb87a..f693c75 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -24,6 +24,39 @@ resource "aws_ecs_task_definition" "main_task" {
 host_path = volume.value.host_path
 }
 }
+
+ dynamic "volume" {
+ for_each = [for v in var.efs_volumes : {
+ name = v.name
+ host_path = v.host_path
+ file_system_id = v.file_system_id
+ root_directory = v.root_directory
+ transit_encryption = v.transit_encryption
+ transit_encryption_port = v.transit_encryption_port
+ authorization_config = v.authorization_config
+ }]
+
+ content {
+ name = volume.value.name
+ host_path = volume.value.host_path
+
+ efs_volume_configuration {
+ file_system_id = volume.value.file_system_id
+ root_directory = volume.value.root_directory
+ transit_encryption = coalesce(volume.value.transit_encryption, volume.value.authorization_config != null ? "ENABLED" : "DISABLED")
+ transit_encryption_port = volume.value.transit_encryption_port
+
+ dynamic "authorization_config" {
+ for_each = [volume.value.authorization_config]
+
+ content {
+ access_point_id = authorization_config.value["access_point_id"]
+ iam = authorization_config.value["iam"]
+ }
+ }
+ }
+ }
+ }
 }

 resource "aws_ecs_service" "main_service" {
diff --git a/variables.tf b/variables.tf
index 9cfa6fb..52eb53e 100644
--- a/variables.tf
+++ b/variables.tf
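Review bot: In the ecs.tf hunk, the `transit_encryption` fallback inside `efs_volume_configuration` resolves to `"DISABLED"` whenever a volume has no `authorization_config`, so NFS traffic between the task and EFS is unencrypted unless the caller opts in. Defaulting to encryption is the safer choice: `transit_encryption = coalesce(volume.value.transit_encryption, "ENABLED")`. Separately, `for_each = [volume.value.authorization_config]` still iterates once when the value is null, and the `authorization_config.value["access_point_id"]` lookup then most likely fails at plan time; `for_each = volume.value.authorization_config != null ? [volume.value.authorization_config] : []` avoids that. A short comment above the block saying that access points and IAM authorization require transit encryption would explain the coupling to the next reader.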
@@ -172,6 +172,24 @@ variable "volumes" {
 description = "A list of definitions to attach volumes to the ECS task. Amazon does not allow empty volume names once declared, so defaulting to a dummy name if this var is left unused."
 }

+variable "efs_volumes" {
+ type = list(object({
+ name = string
+ host_path = optional(string)
+ file_system_id = string
+ root_directory = optional(string)
+ transit_encryption = optional(string)
+ transit_encryption_port = optional(number)
+ authorization_config = optional(object({
+ access_point_id = optional(string)
+ iam = optional(string)
+ }))
+ }))
+
+ default = []
+ description = "A list of definitions to attach EFS volumes to the ECS task. Name and file_system_id are required."
+}
+
 variable "task_role_arn" {
 default = ""
 description = "The arn of the iam role you wish to pass to the ecs task containers."
@@ -232,4 +250,4 @@ variable "lb_target_type" {
 type = string
 default = "instance"
 description = "The target type of the LBs, needs to be set to IP for fargate"
-}
\ No newline at end of file
+}
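Review bot: In the new `efs_volumes` variable, `transit_encryption` and `authorization_config.iam` are free-form optional strings, so a misspelled or lower-case value is not rejected by the module itself. The description also does not say what the module does when they are omitted. A `validation` block restricting them to `ENABLED`/`DISABLED`, plus a sentence in `description` stating the effective defaults, would make each volume's encryption and authorization posture explicit to callers. The sketch below covers `transit_encryption`; the same pattern applies to `iam`.

```hcl
variable "efs_volumes" {
  # … unchanged: type, default, description …

  validation {
    condition = alltrue([
      for v in var.efs_volumes :
      contains(["ENABLED", "DISABLED"], coalesce(v.transit_encryption, "ENABLED"))
    ])
    error_message = "Each efs_volumes[*].transit_encryption must be \"ENABLED\" or \"DISABLED\"."
  }
}
```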