Top / Amazon Web Service / AWS Amazon EFS / Mount Target

AWS Amazon EFS Mount Target

This page shows how to write Terraform and CloudFormation for Amazon EFS Mount Target and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_efs_mount_target (Terraform)

The Mount Target in Amazon EFS can be configured in Terraform with the resource name aws_efs_mount_target. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

efs.tf#L33
resource "aws_efs_mount_target" "mount_us_east_1a" {
  file_system_id = aws_efs_file_system.fs.id
  subnet_id      = data.aws_subnet.us_east_1a.id
  security_groups = [aws_security_group.efs_sg.id]
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an Elastic File System (EFS) mount target.

>> from Terraform Registry

Tips: Best Practices for The Other AWS Amazon EFS Resources

In addition to the aws_efs_file_system, AWS Amazon EFS has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_efs_file_system

Enable at rest encryption of EFS

It is better to enable at rest encryption of EFS to reduce the risk of data leakage.

Review your AWS Amazon EFS settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::EFS::MountTarget (CloudFormation)

The MountTarget in EFS can be configured in CloudFormation with the resource name AWS::EFS::MountTarget. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

mozdef-efs.yml#L60
    Type: AWS::EFS::MountTarget
    Condition: Has1Subnets
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SubnetId: !Select [ 0, !Ref SubnetList ]
      SecurityGroups: [ !Ref MountTargetSecurityGroup ]
mozdef-efs.yml#L60
    Type: AWS::EFS::MountTarget
    Condition: Has1Subnets
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SubnetId: !Select [ 0, !Ref SubnetList ]
      SecurityGroups: [ !Ref MountTargetSecurityGroup ]
efs-file-system-with-data.yml#L331
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystemRetain
      SecurityGroups:
      - !Ref SecurityGroup
      SubnetId: !Select [ 0, !Ref Subnet ]
efs-file-system-with-data.yml#L331
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystemRetain
      SecurityGroups:
      - !Ref SecurityGroup
      SubnetId: !Select [ 0, !Ref Subnet ]
efs.yml#L24
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSJenkinsHomeVolume
      SecurityGroups:
      - !Ref SecurityGroupEFS
      SubnetId: !Ref SubnetPublicA
make_sonarqube_EFS.tmplt.json#L98
      "Type": "AWS::EFS::MountTarget"
    },
    "SonarqubeEFSMount2": {
      "Properties": {
        "FileSystemId": {
          "Ref": "SonarqubeEFS"
make_artifactory-PRO_EFS.tmplt.json#L71
      "Type" : "AWS::EFS::MountTarget",
      "Properties" : {
        "FileSystemId": { "Ref": "ArtifactoryEFS" },
        "SecurityGroups": { "Ref": "EfsSg" },
        "SubnetId": { "Fn::Select": [ "0", { "Ref": "EfsSubnet" } ] }
      }
make_artifactory-EE_EFS.tmplt.json#L66
      "Type" : "AWS::EFS::MountTarget",
      "Properties" : {
        "FileSystemId": { "Ref": "ArtifactoryEFS" },
        "SecurityGroups": { "Ref": "EfsSg" },
        "SubnetId": { "Fn::Select": [ "0", { "Ref": "EfsSubnet" } ] }
      }
encyptedS3.json#L56
            "Type": "AWS::EFS::MountTarget",
            "Properties": {
                "SubnetId": {
                    "Ref": "PrivateSubnet0"
                },
                "FileSystemId": {
index.json#L28
    "Type" : "AWS::EFS::MountTarget",
    "Properties" : {
      "FileSystemId" : { "Ref": "FileSystem" },
      "SecurityGroups" : [{ "Ref": "EFSSecurityGroup" }],
      "SubnetId" : {
        "Fn::ImportValue": {

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::EFS::MountTarget resource is an Amazon EFS resource that creates a mount target for an EFS file system. You can then mount the file system on Amazon EC2 instances or other resources by using the mount target.

>> from AWS CloudFormation Documentation

The Other Related AWS Amazon EFS Resources

Frequently asked questions

What is AWS Amazon EFS Mount Target?

AWS Amazon EFS Mount Target is a resource for Amazon EFS of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon EFS Mount Target?

For Terraform, the a-sinkavets/devops-task-02 source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the mozilla/MozDef, gustcol/Canivete and pavantocemca40/DevOps source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents