AWS Amazon EFS File System Policy
This page shows how to write Terraform and CloudFormation for Amazon EFS File System Policy, and how to write them securely.
aws_efs_file_system_policy (Terraform)
The File System Policy in Amazon EFS can be configured in Terraform with the resource name aws_efs_file_system_policy. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Example 1: attach a policy document passed in as a variable
resource "aws_efs_file_system_policy" "this" {
  file_system_id = var.file_system_id
  policy         = var.policy
}

# Example 2: optionally create the policy and attach it either to an
# explicitly supplied file system ID or to the file system created in
# the same module (closing brace was missing in the scraped source)
resource "aws_efs_file_system_policy" "efs_file_system_policy" {
  count          = var.enable_efs_file_system_policy ? 1 : 0
  file_system_id = var.efs_file_system_policy_file_system_id != "" ? var.efs_file_system_policy_file_system_id : (var.enable_efs_file_system ? element(aws_efs_file_system.efs_file_system.*.id, 0) : null)
  policy         = var.efs_file_system_policy_policy
}
Parameters
- file_system_id: required - string
- id: optional, computed - string
- policy: required - string
Explanation in Terraform Registry
Provides an Elastic File System (EFS) File System Policy resource.
Tips: Best Practices for The Other AWS Amazon EFS Resources
In addition to this resource, AWS Amazon EFS has other resources that should be configured with security in mind. The following examples show those resources and their precautions.
aws_efs_file_system
Enable at rest encryption of EFS
Enable encryption at rest for EFS to reduce the risk of data leakage.
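The following is an added example, not code from the page or from the referenced GitHub modules, that puts the two points above together: the file system is created with encryption at rest, and the attached file system policy limits mount and write access to one application role while denying any client that connects without TLS. The resource names and the app_role_arn variable are assumptions for the example.

```hcl
# Added example: EFS file system with at-rest encryption plus a file system
# policy that (1) allows only an assumed application role to mount and write
# (no root access) and (2) denies every client that does not use TLS.
variable "app_role_arn" {
  type        = string
  description = "ARN of the IAM role that is allowed to mount the file system (assumed)"
}

resource "aws_efs_file_system" "example" {
  creation_token = "example-efs"
  encrypted      = true # encryption at rest, as recommended in the tip above
}

data "aws_iam_policy_document" "efs" {
  # Allow mount and write, but not ClientRootAccess, for the application role only.
  statement {
    sid    = "AllowAppRoleMountWrite"
    effect = "Allow"
    actions = [
      "elasticfilesystem:ClientMount",
      "elasticfilesystem:ClientWrite",
    ]
    resources = [aws_efs_file_system.example.arn]
    principals {
      type        = "AWS"
      identifiers = [var.app_role_arn]
    }
  }

  # Deny any NFS client that did not connect over TLS (encryption in transit).
  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["*"]
    resources = [aws_efs_file_system.example.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "example" {
  file_system_id = aws_efs_file_system.example.id
  policy         = data.aws_iam_policy_document.efs.json
}
```

The Deny statement means clients must mount with the EFS mount helper's TLS option; a plain NFS mount is rejected at the policy level rather than relying on each host to opt in.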
AWS::EFS::FileSystem LifecyclePolicy (CloudFormation)
The FileSystem LifecyclePolicy in EFS can be configured in CloudFormation with the resource name AWS::EFS::FileSystem LifecyclePolicy. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
TransitionToIA
Describes the period of time that a file is not accessed, after which it transitions to IA storage. Metadata operations such as listing the contents of a directory don't count as file access events.
Required: No
Type: String
Allowed values: AFTER_14_DAYS | AFTER_30_DAYS | AFTER_60_DAYS | AFTER_7_DAYS | AFTER_90_DAYS
Update requires: No interruption
TransitionToPrimaryStorageClass
Describes when to transition a file from IA storage to primary storage. Metadata operations such as listing the contents of a directory don't count as file access events.
Required: No
Type: String
Allowed values: AFTER_1_ACCESS
Update requires: No interruption
Explanation in CloudFormation Registry
A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage classes. For more information, see EFS Lifecycle Management in the Amazon EFS User Guide.
Frequently asked questions
What is AWS Amazon EFS File System Policy?
AWS Amazon EFS File System Policy is a resource for Amazon EFS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EFS File System Policy?
For Terraform, the niveklabs/aws and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.