When is the EFS policy condition elasticfilesystem:AccessedViaMountTarget false? Can an EFS volume be accessed without a mount target?

Question

I've been looking into EFS file system policies, and still haven't understood what kind of access would be blocked in this policy:

{
    "Version": "2012-10-17",
    "Id": "efs-policy-wizard-15ad9567-2546-4bbb-8168-5541b6fc0e55",
    "Statement": [
        {
            "Sid": "efs-statement-14a7191c-9401-40e7-a388-6af6cfb7dd9c",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientRootAccess"
            ],
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true"
                }
            }
        }
    ]
}

But not in this one (without the condition):

{
    "Version": "2012-10-17",
    "Id": "efs-policy-wizard-15ad9567-2546-4bbb-8168-5541b6fc0e55",
    "Statement": [
        {
            "Sid": "efs-statement-14a7191c-9401-40e7-a388-6af6cfb7dd9c",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientRootAccess"
            ]
        }
    ]
}

As I understand it, mount targets are what gives your EFS volume an IP for you to access it. Is it possible to have an access that is not via a mount target?

Answer 1

The second policy is considered a public access policy for the EFS. The meaning of "public" is different then, for example, in a public s3 buckets.

From what I understand, for the end user there is no difference between public and non-public. The only difference seems to be related to internal systems that AWS uses. Namely for AWS Transfer Family. From docs:

When you use Amazon EFS with AWS Transfer Family, file system access requests received from a Transfer Family server that is owned by a different account than the file system are blocked if the file system allows public access.

Since the second policy is considered a public, AWS Transfer Family will not work with EFS. Thus you have to ensure that your filesystem is non-public.