EFS is the acronym for Elastic File System. It is a managed Network File System (NFS) that can be mounted on several Linux EC2 instances to allow for file sharing between the instances. EFS is multi-AZ, so it can be mounted on instances in different availability zones. This guide will walk you through the creation of an EFS file system on AWS using a CloudFormation template.
The benefits of using an EFS include:
- Though more expensive than Elastic Block Store (EBS) volumes, you only pay for what you use.
- It can easily scale up to petabytes of data.
- It provides encryption options, which help keep your data secure.
- It is highly available and durable.
The use cases for EFS include:
- Web Applications.
- Content management.
- Data analytics.
- Container storage.
Step 1: Check Prerequisites/Requirements
Before proceeding to create the EFS file system, the user needs to have:
- An AWS Account.
- Created a user with permissions to create resources on the AWS Account.
- An IDE like Visual Studio Code to write and edit your CloudFormation template.
- Created a VPC with subnets and an internet connection.
- Created an EC2 security group. EC2 instances will use it to connect to the EFS for mounting.
Step 2: Create the EFS File System
The EFS file system can be created manually or using a CloudFormation template.
Create EFS with CloudFormation Template
To use CloudFormation, use the template below, which creates the EFS file system and the mount targets.
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create EFS system and Mount Targets for test VPC"
Parameters:
  VPC:
    Type: String
    Description: The VPC identity
    Default: vpc-ID
  SubnetID1:
    Type: String
    Description: The subnet where to launch the service
    Default: subnet-ID
  SubnetID2:
    Type: String
    Description: the subnet where to Launch the service
    Default: subnet-ID
  SubnetID3:
    Type: String
    Description: The subnet where to launch the service
    Default: subnet-ID
  SubnetID4:
    Type: String
    Description: the subnet where to Launch the service
    Default: subnet-ID
Resources:
  EFSSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "security group for the prod EFS"
      GroupName: "test-EFS-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        -
          # Replace sg-ID with the security group of the EC2 instances that mount the EFS
          SourceSecurityGroupId: sg-ID
          Description: "servers to connect to efs"
          FromPort: 2049   # NFS
          IpProtocol: "tcp"
          ToPort: 2049
      Tags:
        -
          Key: Environment
          Value: prod
        -
          Key: Name
          Value: test-VPC-EFS-SG
        -
          Key: Project
          Value: test-blog
        -
          Key: createdBy
          Value: Maureen Barasa
  EFSFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      BackupPolicy:
        Status: ENABLED
      Encrypted: true
      LifecyclePolicies:
        - TransitionToIA: AFTER_60_DAYS
      PerformanceMode: generalPurpose
      ThroughputMode: bursting
      FileSystemTags:
        -
          Key: Environment
          Value: test
        -
          Key: Name
          Value: test-VPC-EFS
        -
          Key: Project
          Value: test-blog
        -
          Key: createdBy
          Value: Maureen Barasa
  MountTarget1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      # Placeholder: replace with an unused IP from the subnet's CIDR block
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID1
  MountTarget2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID2
  MountTarget3:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID3
  MountTarget4:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID4
Outputs:
  EFS:
    Description: The created EFS
    Value: !Ref EFSFileSystem
  EFSMountTarget1:
    Description: The EFS MountTarget1
    Value: !Ref MountTarget1
  EFSMountTarget2:
    Description: The EFS MountTarget2
    Value: !Ref MountTarget2
  EFSMountTarget3:
    Description: The EFS MountTarget3
    Value: !Ref MountTarget3
  EFSMountTarget4:
    Description: The EFS MountTarget4
    Value: !Ref MountTarget4
```
Deploy the template either through a CodePipeline or by creating a stack on the CloudFormation console.
The CloudFormation Template Explained
The template comprises 3 sections: Parameters, Resources and Outputs.
Parameters:
In the parameters section, we require the user to input the dynamic variables of their template. In our case, the user should replace the:
- VPC ID (Replace with your VPC ID)
- Subnet ID (Replace with your subnet IDs)
Also, the subnets included should be the subnets where the user intends to create the mount targets for the EFS.
Resources:
Here the user defines the AWS resources to create. In our case, we start by creating the EFS security group. The user should change:
- SourceSecurityGroupId (Should reflect the security group of the EC2 instances that should access the EFS).
Next, it creates the EFS file system. The user should go through the file system properties and change them to their specific requirements. For example:
- Performance mode (We can choose either general-purpose or maximum IO (Max IO))
- Throughput mode (The user can choose either bursting or provisioned)
Also, the user should pay attention to the tags to customize as needed.
Finally, the mount targets are created. Here the user should change:
- The IP address of each mount target (It should reflect an unused IP in the subnet CIDR block).
For example, if your subnet CIDR block is 10.0.0.0/26, the first 5 IPs and the last IP are reserved. Hence the user can use any unassigned IP from 10.0.0.7 to 10.0.0.62.
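An added example (not part of the original article): a pre-deployment check of the settings this Resources section asks you to review, namely that the file system is encrypted and that the mount-target security group admits only TCP 2049 from a source security group. It assumes the template is in CloudFormation's JSON form, where `!Ref X` is written `{"Ref": "X"}`; the function names and the deliberately weakened sample template are constructed for illustration.

```python
import json

NFS_PORT = "2049"  # compared as text: templates may give ports as numbers or strings

def rule_problems(rule: dict) -> list[str]:
    """Problems with one SecurityGroupIngress rule on a mount-target security group."""
    problems = []
    if "SourceSecurityGroupId" not in rule:
        problems.append("source is not a security group")
    ports = (str(rule.get("IpProtocol")), str(rule.get("FromPort")), str(rule.get("ToPort")))
    if ports != ("tcp", NFS_PORT, NFS_PORT):
        problems.append("opens more than tcp/2049")
    return problems

def audit_efs_template(template: dict) -> list[str]:
    """Return findings for the EFS resources of a CloudFormation template (JSON form)."""
    resources = template.get("Resources", {})
    findings, mount_sgs = [], set()
    for name, res in sorted(resources.items()):
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EFS::FileSystem":
            if str(props.get("Encrypted")).lower() != "true":
                findings.append(f"{name}: Encrypted is not true")
        if res.get("Type") == "AWS::EFS::MountTarget":
            for sg in props.get("SecurityGroups", []):
                ref = sg.get("Ref") if isinstance(sg, dict) else None
                if ref in resources:
                    mount_sgs.add(ref)  # audit each referenced group once
                else:
                    findings.append(f"{name}: security group {sg!r} is defined outside this template")
    for sg_name in sorted(mount_sgs):
        rules = resources[sg_name].get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in rules:
            findings += [f"{sg_name}: {p}" for p in rule_problems(rule)]
    return findings

# Constructed sample: resource names follow the article's template, settings weakened.
WEAK = json.loads("""{"Resources": {
  "EFSSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [{"CidrIp": "0.0.0.0/0", "IpProtocol": "-1"}]}},
  "EFSFileSystem": {"Type": "AWS::EFS::FileSystem",
    "Properties": {"PerformanceMode": "generalPurpose"}},
  "MountTarget1": {"Type": "AWS::EFS::MountTarget", "Properties": {
    "FileSystemId": {"Ref": "EFSFileSystem"},
    "SecurityGroups": [{"Ref": "EFSSecurityGroup"}],
    "SubnetId": {"Ref": "SubnetID1"}}}}}""")

if __name__ == "__main__":
    for finding in audit_efs_template(WEAK):
        print(finding)
```

A template shaped like the one in this article (Encrypted set to true, a single tcp/2049 rule with SourceSecurityGroupId) produces no findings.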
Outputs:
The outputs section of the template instructs CloudFormation to output the names of the resources created. For example, in our case, we have instructed the template to output:
- Name/ID of the EFS created.
- Names/IDs of the mount targets created.
Create the EFS Manually on EFS Console
On the EFS console, select File systems. Then click Create file system.
Next, on the Create file system screen, click Customize.
Then, input your file system settings as per your specific requirements.
Now, the user should input the network access settings for the file system. This includes the VPC, the subnets for the mount targets, and the security groups. When done, click Next.
After that, the user should set the policy for their EFS. This part is optional, though. When done, click Next.
Finally, the user can review the settings and click Create if satisfied with everything. Your file system will now be created.
Watch out for my next article where I explain how to Mount the EFS to your Linux instances.
Important Links
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html
- https://aws.amazon.com/efs/
- https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html
Happy Building!!!