@aws-cdk/aws-efs
Advanced tools
@aws-cdk/aws-efs is an AWS CDK library that allows you to define and manage Amazon Elastic File System (EFS) resources in your AWS infrastructure as code. It provides constructs for creating and configuring EFS file systems, access points, and mount targets.
Create an EFS File System
This code sample demonstrates how to create an EFS file system with specific lifecycle policies, performance mode, and throughput mode.
const efs = require('@aws-cdk/aws-efs');
const cdk = require('@aws-cdk/core');
const app = new cdk.App();
const stack = new cdk.Stack(app, 'EfsStack');
const fileSystem = new efs.FileSystem(stack, 'MyEfsFileSystem', {
vpc: vpc,
lifecyclePolicy: efs.LifecyclePolicy.AFTER_14_DAYS,
performanceMode: efs.PerformanceMode.GENERAL_PURPOSE,
throughputMode: efs.ThroughputMode.BURSTING,
});
app.synth();Create an EFS Access Point
This code sample demonstrates how to create an EFS access point with specific POSIX user and ACL settings.
const efs = require('@aws-cdk/aws-efs');
const cdk = require('@aws-cdk/core');
const app = new cdk.App();
const stack = new cdk.Stack(app, 'EfsStack');
const fileSystem = new efs.FileSystem(stack, 'MyEfsFileSystem', {
vpc: vpc,
});
const accessPoint = new efs.AccessPoint(stack, 'MyAccessPoint', {
fileSystem: fileSystem,
path: '/export/lambda',
posixUser: {
uid: '1001',
gid: '1001'
},
createAcl: {
ownerUid: '1001',
ownerGid: '1001',
permissions: '755'
},
});
app.synth();Create an EFS Mount Target
This code sample demonstrates how to create an EFS mount target in a specific subnet with a security group.
const efs = require('@aws-cdk/aws-efs');
const cdk = require('@aws-cdk/core');
const app = new cdk.App();
const stack = new cdk.Stack(app, 'EfsStack');
const fileSystem = new efs.FileSystem(stack, 'MyEfsFileSystem', {
vpc: vpc,
});
const mountTarget = new efs.CfnMountTarget(stack, 'MyMountTarget', {
fileSystemId: fileSystem.fileSystemId,
subnetId: vpc.privateSubnets[0].subnetId,
securityGroups: [securityGroup.securityGroupId],
});
app.synth();@aws-cdk/aws-s3 is a CDK library for defining Amazon S3 buckets and related resources. While it focuses on object storage rather than file storage, it provides similar infrastructure-as-code capabilities for managing storage resources in AWS.
@aws-cdk/aws-ec2 is a CDK library for defining Amazon EC2 instances, VPCs, and related networking resources. It can be used in conjunction with @aws-cdk/aws-efs to set up the necessary networking infrastructure for EFS file systems.
@aws-cdk/aws-rds is a CDK library for defining Amazon RDS databases and related resources. While it focuses on relational databases rather than file storage, it provides similar infrastructure-as-code capabilities for managing database resources in AWS.
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system.
This module is part of the AWS Cloud Development Kit project.
Amazon EFS provides elastic, shared file storage that is POSIX-compliant. The file system you create supports concurrent read and write access from multiple Amazon EC2 instances and is accessible from all of the Availability Zones in the AWS Region where it is created. Learn more about EFS file systems
A Virtual Private Cloud (VPC) is required to create an Amazon EFS file system.
The following example creates a file system that is encrypted at rest, running in General Purpose
performance mode, and Bursting throughput mode and does not transition files to the Infrequent
Access (IA) storage class.
const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
vpc: new ec2.Vpc(this, 'VPC'),
lifecyclePolicy: efs.LifecyclePolicy.AFTER_14_DAYS, // files are not transitioned to infrequent access (IA) storage by default
performanceMode: efs.PerformanceMode.GENERAL_PURPOSE, // default
outOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy.AFTER_1_ACCESS, // files are not transitioned back from (infrequent access) IA to primary storage by default
});
⚠️ An Amazon EFS file system's performance mode can't be changed after the file system has been created. Updating this property will replace the file system.
Any file system that has been created outside the stack can be imported into your CDK app.
Use the fromFileSystemAttributes() API to import an existing file system.
Here is an example of giving a role write permissions on a file system.
import * as iam from '@aws-cdk/aws-iam';
const importedFileSystem = efs.FileSystem.fromFileSystemAttributes(this, 'existingFS', {
fileSystemId: 'fs-12345678', // You can also use fileSystemArn instead of fileSystemId.
securityGroup: ec2.SecurityGroup.fromSecurityGroupId(this, 'SG', 'sg-123456789', {
allowAllOutbound: false,
}),
});
If you need to grant file system permissions to another resource, you can use the .grant() API.
As an example, the following code gives elasticfilesystem:ClientWrite permissions to an IAM role.
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.AnyPrincipal(),
});
fileSystem.grant(role, 'elasticfilesystem:ClientWrite');
An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in its own directory and below. To learn more, see Mounting a File System Using EFS Access Points.
Use the addAccessPoint API to create an access point from a fileSystem.
fileSystem.addAccessPoint('AccessPoint');
By default, when you create an access point, the root(/) directory is exposed to the client
connecting to the access point. You can specify a custom path with the path property.
If path does not exist, it will be created with the settings defined in the creationInfo.
See Creating Access Points for more details.
Any access point that has been created outside the stack can be imported into your CDK app.
Use the fromAccessPointAttributes() API to import an existing access point.
efs.AccessPoint.fromAccessPointAttributes(this, 'ap', {
accessPointId: 'fsap-1293c4d9832fo0912',
fileSystem: efs.FileSystem.fromFileSystemAttributes(this, 'efs', {
fileSystemId: 'fs-099d3e2f',
securityGroup: ec2.SecurityGroup.fromSecurityGroupId(this, 'sg', 'sg-51530134'),
}),
});
⚠️ Notice: When importing an Access Point using fromAccessPointAttributes(), you must make sure
the mount targets are deployed and their lifecycle state is available. Otherwise, you may encounter
the following error when deploying:
EFS file system <ARN of efs> referenced by access point <ARN of access point of EFS> has mount targets created in all availability zones the function will execute in, but not all are in the available life cycle state yet. Please wait for them to become available and try the request again.
To control who can access the EFS, use the .connections attribute. EFS has
a fixed default port, so you don't need to specify the port:
fileSystem.connections.allowDefaultPortFrom(instance);
Learn more about managing file system network accessibility
After you create a file system, you can create mount targets. Then you can mount the file system on EC2 instances, containers, and Lambda functions in your virtual private cloud (VPC).
The following example automatically mounts a file system during instance launch.
fileSystem.connections.allowDefaultPortFrom(instance);
instance.userData.addCommands("yum check-update -y", // Ubuntu: apt-get -y update
"yum upgrade -y", // Ubuntu: apt-get -y upgrade
"yum install -y amazon-efs-utils", // Ubuntu: apt-get -y install amazon-efs-utils
"yum install -y nfs-utils", // Ubuntu: apt-get -y install nfs-common
"file_system_id_1=" + fileSystem.fileSystemId,
"efs_mount_point_1=/mnt/efs/fs1",
"mkdir -p \"${efs_mount_point_1}\"",
"test -f \"/sbin/mount.efs\" && echo \"${file_system_id_1}:/ ${efs_mount_point_1} efs defaults,_netdev\" >> /etc/fstab || " +
"echo \"${file_system_id_1}.efs." + Stack.of(this).region + ".amazonaws.com:/ ${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\" >> /etc/fstab",
"mount -a -t efs,nfs4 defaults");
Learn more about mounting EFS file systems
Since file systems are stateful resources, by default the file system will not be deleted when your stack is deleted.
You can configure the file system to be destroyed on stack deletion by setting a removalPolicy
const fileSystem = new efs.FileSystem(this, 'EfsFileSystem', {
vpc: new ec2.Vpc(this, 'VPC'),
removalPolicy: RemovalPolicy.DESTROY,
});
FAQs
The CDK Construct Library for AWS::EFS
The npm package @aws-cdk/aws-efs receives a total of 112,341 weekly downloads. As such, @aws-cdk/aws-efs popularity was classified as popular.
We found that @aws-cdk/aws-efs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.
Security News
Cloudflare is expanding Node.js compatibility for Workers and Pages, enabling developers to use more npm packages through a hybrid approach that combines native code and polyfills for Node.js APIs.
Security News
The Python Software Foundation has expanded its CNA scope to include the Pallets Projects, enabling faster, more reliable CVE tracking for critical frameworks used in Python applications.