Aws EFS

calendar May 29, 2024 · 2 min read · aws efs  ·
Share on: linkedin copy

(this post if part of the material I cover in my devops course)

AWS EFS

About EFS

  • Amazon Elastic File System (Amazon EFS) provides serverless, fully elastic file storage so that you can share file data without provisioning or managing storage capacity and performance.
    • serverless: meaning you don't have to create a server of any kind
    • elastic: it grows and shrink as the need scales up and down
    • share: multiple virtual machines (ec2) can connect to EFS
  • Amazon EFS is built to scale on demand to petabytes without disrupting applications
  • EFS provides file-storage (as opposed to block-storage or object-storage)
  • EFS is based on NFS (network file system) and supports version 4.1
  • There are 2 types of EFS file systems:
    • Regional – (recommended) store data redundantly across multiple Availability Zones within the same AWS Region
    • One Zone – store data within a single Availability Zone

EFS networking

  • When you are creating an EFS, choose Customize to see some details.
  • Basically, EFS work within a single VPC (virtual private cloud).
  • You can connect to it from another VPC's or other accounts, but it will require additional configurations (like VPC peering)
  • When you create an EFS file system, you specify the VPC and the AZs (so subnets) in which the mount targets for the file system will be created. Later on, servers will mount those to use EFS.
  • Each mount-target gets its own security group, and note that it may take a minute or two until you see those mount targets created.

EFS Features

  • Amazon EFS supports two forms of encryption for file systems, encryption of data in transit (using TLS) and encryption at rest.
  • Lifecycle policies allow automatic changes of files between the different storage classes (EFS Standard, EFS Infrequent Access (IA) and EFS Archive)
  • You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources
  • EFS Access Points
    • provide a way to manage application access to EFS file systems.
    • They allow you to enforce user and group permissions for file system access
    • You can specify a root directory for the access point
    • By using different access points, you can isolate applications from each other on the same file system