In this case, your File System policy is a resource policy and the instance policy would be considered an IAM Identity Policy. For resources in the same account, these are treated as a logical or. It is also important to remember policy evaluation logic.
First, Explicit Denies are evaluated, then Explicit Allows, then Implicit Denies.
Explicit Denies --> Explicit Allows --> Implicit Denies
In this case, your EFS policy is an Allow for read, so if the instance policy has an explicit allow for writing, it will not be denied. If you're looking to secure the EFS volume further, you would need to use an explicit deny on the policy itself (and you can use this in conjunction with allows).
Copy Data from EFS to EFS in Same Account & Regionasked 4 days ago
Is it possible to use an encrypted file system with CodeBuild?asked 4 years ago
How to avoid circular dependencies between EFS and access point in file system policy of Cloudformation templateasked 3 months ago
DataSync with EFS Source fails when policy requires encryption in transit.Accepted Answerasked 6 months ago
Is it possible to disable file caching when using EFS with Lambda?asked 2 months ago
[Announcement] Amazon Elastic File System (Amazon EFS) is now available in the AWS Asia Pacific (Jakarta) Regionasked 10 months ago
Why is my EFS File system policy blocking Fargate from mounting the EFS even though it includes the Task Execution Role arn?asked a month ago
Unknown parameter in LifecyclePolicies: TransitionToPrimaryStorageClass with AWS CLI in EFSAccepted Answerasked a year ago
Mounting EBS or EFS as File System in on Premise Instancesasked 15 days ago
EFS File system policy with IAM Instance Profile collisionAccepted Answerasked a year ago