https://github.com/epomatti/aws-efs-datasync

# AWS EFS Datasync

AWS EFS migration using DataSync and KMS.

A few notes about EFS encryption:

- **Encrypting file data at rest** - You can use:
  - AWS managed key (default) for Amazon EFS `aws/elasticfilesystem`.
  - A KMS CMK that you manage.
- **EFS encryption** - It is not possible to encrypt an existing EFS. You have to migrate the data to a new encrypted EFS.
- **Encrypting metadata at rest** - Amazon EFS uses the AWS managed key for Amazon EFS, `aws/elasticfilesystem`, to encrypt and decrypt file system metadata (that is, file names, directory names, and directory contents).
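
One way to check which file systems still need migrating and who manages the key behind the encrypted ones, as an added example that is not part of this repository. It assumes the inputs are saved JSON from `aws efs describe-file-systems` and `aws kms describe-key`; the sample data, IDs, ARNs and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws efs describe-file-systems` output
# (file system IDs, account ID and key ARNs are made up).
SAMPLE_FILE_SYSTEMS = json.loads("""
{"FileSystems": [
  {"FileSystemId": "fs-00000000000000001", "Encrypted": false},
  {"FileSystemId": "fs-00000000000000002", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-aws-managed"},
  {"FileSystemId": "fs-00000000000000003", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-cmk"},
  {"FileSystemId": "fs-00000000000000004", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example-disabled"}
]}
""")

_ARN = "arn:aws:kms:us-east-1:111122223333:key/"
# Constructed `aws kms describe-key` results, indexed by key ARN.
SAMPLE_KEYS = {
    _ARN + "example-aws-managed": {"KeyMetadata": {"KeyManager": "AWS", "KeyState": "Enabled"}},
    _ARN + "example-cmk": {"KeyMetadata": {"KeyManager": "CUSTOMER", "KeyState": "Enabled"}},
    _ARN + "example-disabled": {"KeyMetadata": {"KeyManager": "CUSTOMER", "KeyState": "Disabled"}},
}


def classify(fs, keys):
    """Return the encryption-at-rest status of one file system description."""
    if not fs.get("Encrypted", False):
        return "UNENCRYPTED"  # cannot be fixed in place; needs a migration
    meta = keys.get(fs.get("KmsKeyId"), {}).get("KeyMetadata")
    if meta is None:
        return "KEY_UNKNOWN"  # no describe-key result supplied for this ARN
    if meta.get("KeyState") != "Enabled":
        return "KEY_NOT_ENABLED"  # encrypted, but the key cannot be used right now
    return "CUSTOMER_MANAGED_KEY" if meta.get("KeyManager") == "CUSTOMER" else "AWS_MANAGED_KEY"


def audit(file_systems, keys):
    """Map each FileSystemId to its status."""
    return {fs["FileSystemId"]: classify(fs, keys) for fs in file_systems["FileSystems"]}


def needs_migration(report):
    """IDs that must be copied to a new encrypted file system."""
    return sorted(fs_id for fs_id, status in report.items() if status == "UNENCRYPTED")


if __name__ == "__main__":
    for fs_id, status in audit(SAMPLE_FILE_SYSTEMS, SAMPLE_KEYS).items():
        print(fs_id, status)
```
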

## Setup

Create the infrastructure:

```sh
terraform init
terraform apply -auto-approve
```

Both file shares will be [mounted][1] upon `user-data` execution. Example:

```sh
mkdir ~/efs-mount-point
sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport <>:/ ~/efs-mount-point
```

Permission to add files is already granted by user data. If it is not, grant it manually:

```sh
cd ~/efs-mount-point
sudo chmod go+rw .
```

Create a test file like `test.txt` in the unencrypted mount.

A DataSync task is already created. Trigger it from the CLI:

```sh
aws datasync start-task-execution --task-arn
```

Use the console to monitor the execution and check CloudWatch logs for troubleshooting.

[1]: https://docs.aws.amazon.com/efs/latest/ug/wt1-test.html

---

### Clean-up

```sh
terraform destroy -auto-approve
```