The EFS service-linked role is predefined by Amazon EFS and includes permissions that the service requires to use other AWS services on your behalf. Examples include creating and deleting the Amazon Elastic Compute Cloud (Amazon EC2) Elastic Network Interfaces (ENIs) that Amazon EFS uses for the mount targets you use to access your EFS file systems.
Unlike a normal IAM role, you cannot delete the service-linked role if it is still in use by an Amazon EFS file system. This protects you from inadvertently revoking Amazon EFS’s required permissions to your resources. The addition of a service-linked role to Amazon EFS also helps with monitoring and auditing requirements in AWS CloudTrail by logging actions performed by Amazon EFS against its service-linked role.
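As an added example (not AWS's own code), the following sketch shows the auditing use described above: it selects CloudTrail records whose session was issued from the EFS service-linked role and lists any action outside an expected baseline. The role ARN layout, the baseline set, the account ID and the sample records are assumptions constructed for illustration.

```python
import json

# Assumption (not from the page): standard service-linked role path and name
# for the EFS service principal elasticfilesystem.amazonaws.com.
EFS_SLR_SUFFIX = (":role/aws-service-role/elasticfilesystem.amazonaws.com/"
                  "AWSServiceRoleForAmazonElasticFileSystem")
# Assumed baseline: only the ENI actions the text names. Extend per account.
EXPECTED_EVENTS = {"CreateNetworkInterface", "DeleteNetworkInterface"}
ACCOUNT = "arn:aws:iam::123456789012"  # placeholder account ID


def make_record(event_name, issuer_arn):
    """Build a constructed record in CloudTrail's JSON shape."""
    identity = {"type": "AssumedRole" if issuer_arn else "IAMUser"}
    if issuer_arn:
        identity["sessionContext"] = {
            "sessionIssuer": {"type": "Role", "arn": issuer_arn}}
    return {"eventTime": "2024-01-01T00:00:00Z", "eventSource": "ec2.amazonaws.com",
            "eventName": event_name, "userIdentity": identity}


# Constructed sample log, not real CloudTrail output.
SAMPLE_LOG = json.dumps({"Records": [
    make_record("CreateNetworkInterface", ACCOUNT + EFS_SLR_SUFFIX),
    make_record("DeleteNetworkInterface", ACCOUNT + EFS_SLR_SUFFIX),
    make_record("ModifyNetworkInterfaceAttribute", ACCOUNT + EFS_SLR_SUFFIX),
    make_record("CreateNetworkInterface", ACCOUNT + ":role/ops-admin"),
    make_record("DeleteNetworkInterface", None),  # IAM user, no session context
]})


def is_efs_slr(record):
    """True when the session was issued from the EFS service-linked role."""
    identity = record.get("userIdentity") or {}
    issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
    return (identity.get("type") == "AssumedRole"
            and issuer.get("arn", "").endswith(EFS_SLR_SUFFIX))


def audit(log_text):
    """Return (events made through the role, events outside the baseline)."""
    by_role = [r["eventName"] for r in json.loads(log_text).get("Records", [])
               if is_efs_slr(r)]
    return by_role, [name for name in by_role if name not in EXPECTED_EVENTS]


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

An event outside the baseline is a prompt to review the role's current permissions policy, not proof of misuse, since the ENI actions are only examples of what the role allows.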