Top / Amazon Web Service / AWS Amazon EFS / File System Policy

AWS Amazon EFS File System Policy

This page shows how to write Terraform and CloudFormation for Amazon EFS File System Policy and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_efs_file_system_policy (Terraform)

The File System Policy in Amazon EFS can be configured in Terraform with the resource name aws_efs_file_system_policy. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_efs_file_system_policy" "this" {
  file_system_id = var.file_system_id
  policy         = var.policy
}
efs_file_system_policy.tf#L4
resource "aws_efs_file_system_policy" "efs_file_system_policy" {
  count = var.enable_efs_file_system_policy ? 1 : 0

  file_system_id = var.efs_file_system_policy_file_system_id != "" ? var.efs_file_system_policy_file_system_id : (var.enable_efs_file_system ? element(aws_efs_file_system.efs_file_system.*.id, 0) : null)

  policy = var.efs_file_system_policy_policy

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an Elastic File System (EFS) File System Policy resource.

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon EFS Resources

In addition to the aws_efs_file_system, AWS Amazon EFS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_efs_file_system

Enable at rest encryption of EFS

It is better to enable at rest encryption of EFS to reduce the risk of data leakage.

Review your AWS Amazon EFS settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::EFS::FileSystem LifecyclePolicy (CloudFormation)

The FileSystem LifecyclePolicy in EFS can be configured in CloudFormation with the resource name AWS::EFS::FileSystem LifecyclePolicy. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

TransitionToIA Describes the period of time that a file is not accessed, after which it transitions to IA storage. Metadata operations such as listing the contents of a directory don't count as file access events.
Required: No
Type: String
Allowed values: AFTER_14_DAYS | AFTER_30_DAYS | AFTER_60_DAYS | AFTER_7_DAYS | AFTER_90_DAYS
Update requires: No interruption

TransitionToPrimaryStorageClass Describes when to transition a file from IA storage to primary storage. Metadata operations such as listing the contents of a directory don't count as file access events.
Required: No
Type: String
Allowed values: AFTER_1_ACCESS
Update requires: No interruption

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage classes. For more information, see EFS Lifecycle Management in the Amazon EFS User Guide.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon EFS Resources

Frequently asked questions

What is AWS Amazon EFS File System Policy?

AWS Amazon EFS File System Policy is a resource for Amazon EFS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon EFS File System Policy?

For Terraform, the niveklabs/aws and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents