This seems like a pretty significant deviation from the way that filesystems are supposed to behave on Unix-like systems. When a process creates an object in the filesystem (a file or directory, or something more exotic like a Unix domain socket), the object should start out owned by the eUID of the process.
Yes, agreed. This EFS volume isn’t exactly part of our required architecture - rather, customers can specify any volume of their choosing for the logs directory so this only affects a subset of our customers who are specifying EFS without explicitly setting the uid/gid (probably all customers using EFS)