Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/geekcell/terraform-aws-efs
Terraform module to provision an AWS EFS.
aws efs efs-backup terraform terraform-module
- Host: GitHub
- URL: https://github.com/geekcell/terraform-aws-efs
- Owner: geekcell
- License: apache-2.0
- Created: 2023-02-07T09:57:42.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-02-15T11:47:42.000Z (10 months ago)
- Last Synced: 2024-04-22T00:33:54.616Z (8 months ago)
- Topics: aws, efs, efs-backup, terraform, terraform-module
- Language: HCL
- Homepage: https://www.geekcell.io
- Size: 45.9 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![Geek Cell GmbH](https://raw.githubusercontent.com/geekcell/.github/main/geekcell-github-banner.png)](https://www.geekcell.io/)
### Code Quality
[![License](https://img.shields.io/github/license/geekcell/terraform-aws-efs)](https://github.com/geekcell/terraform-aws-efs/blob/master/LICENSE)
[![GitHub release (latest tag)](https://img.shields.io/github/v/release/geekcell/terraform-aws-efs?logo=github&sort=semver)](https://github.com/geekcell/terraform-aws-efs/releases)
[![Release](https://github.com/geekcell/terraform-aws-efs/actions/workflows/release.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-efs/actions/workflows/release.yaml)
[![Validate](https://github.com/geekcell/terraform-aws-efs/actions/workflows/validate.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-efs/actions/workflows/validate.yaml)
[![Lint](https://github.com/geekcell/terraform-aws-efs/actions/workflows/linter.yaml/badge.svg)](https://github.com/geekcell/terraform-aws-efs/actions/workflows/linter.yaml)

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_points](#input\_access\_points) | List of access points to create. | <pre>map(object({<br>  posix_user = optional(object({<br>    gid            = number<br>    uid            = number<br>    secondary_gids = optional(list(number))<br>  }))<br>  root_directory = optional(object({<br>    path = string<br>    creation_info = optional(object({<br>      owner_gid   = number<br>      owner_uid   = number<br>      permissions = string<br>    }))<br>  }))<br>}))</pre> | `{}` | no |
| [aws\_iam\_principals](#input\_aws\_iam\_principals) | AWS IAM principals which will be allowed to access the file system via the EFS policy. | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
| [bypass\_policy\_lockout\_safety\_check](#input\_bypass\_policy\_lockout\_safety\_check) | A flag to indicate whether to bypass the aws\_efs\_file\_system\_policy lockout safety check. | `bool` | `false` | no |
| [enable\_customer\_managed\_kms](#input\_enable\_customer\_managed\_kms) | If enabled, will create a customer managed KMS key for at-rest encryption. | `bool` | `false` | no |
| [enable\_enhanced\_backups](#input\_enable\_enhanced\_backups) | Enable enhanced backups. | `bool` | `false` | no |
| [encrypted](#input\_encrypted) | If true, the disk will be encrypted. | `bool` | `true` | no |
| [enforce\_read\_only\_default](#input\_enforce\_read\_only\_default) | Enforce read-only access to the file system. Identity-based policies can override these default permissions. | `bool` | `false` | no |
| [enforce\_transit\_encryption](#input\_enforce\_transit\_encryption) | Enforce in-transit encryption for all clients. | `bool` | `true` | no |
| [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the AWS KMS key used to encrypt the file system. Defaults to the AWS managed KMS key. | `string` | `null` | no |
| [name](#input\_name) | The name of the file system. | `string` | n/a | yes |
| [performance\_mode](#input\_performance\_mode) | The file system performance mode. Can be either `generalPurpose` or `maxIO`. | `string` | `"generalPurpose"` | no |
| [prevent\_anonymous\_access](#input\_prevent\_anonymous\_access) | Prevent anonymous access to the file system. | `bool` | `false` | no |
| [prevent\_root\_access\_default](#input\_prevent\_root\_access\_default) | Prevent root access to the file system. Identity-based policies can override these default permissions. | `bool` | `false` | no |
| [private\_subnets](#input\_private\_subnets) | A list of private subnets inside the VPC. | `list(string)` | n/a | yes |
| [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. | `number` | `0` | no |
| [security\_groups](#input\_security\_groups) | A list of security group IDs to associate with the file system. | `list(string)` | n/a | yes |
| [tags](#input\_tags) | A mapping of tags to assign to all resources. | `map(string)` | `{}` | no |
| [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Valid values: `bursting`, `provisioned`, or `elastic`. | `string` | `"elastic"` | no |
| [transition\_to\_archive](#input\_transition\_to\_archive) | Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_90_DAYS"` | no |
| [transition\_to\_ia](#input\_transition\_to\_ia) | Indicates how long it takes to transition files to the IA storage class. Accepted values AFTER\_7\_DAYS, AFTER\_14\_DAYS, AFTER\_30\_DAYS, AFTER\_60\_DAYS, AFTER\_90\_DAYS. | `string` | `"AFTER_30_DAYS"` | no |
| [transition\_to\_primary\_storage\_class](#input\_transition\_to\_primary\_storage\_class) | Describes the policy used to transition a file from infrequent access storage to primary storage. Only AFTER\_1\_ACCESS is accepted. | `string` | `"AFTER_1_ACCESS"` | no |

## Outputs

| Name | Description |
|------|-------------|
| [access\_point\_arns](#output\_access\_point\_arns) | ARNs of created access points. |
| [access\_point\_ids](#output\_access\_point\_ids) | IDs of created access points. |
| [arn](#output\_arn) | ARN of filesystem. |
| [dns\_name](#output\_dns\_name) | DNS address of filesystem. |
| [id](#output\_id) | Id of filesystem. |
| [kms\_key\_id](#output\_kms\_key\_id) | ID of the KMS key used to encrypt the EFS. |
| [number\_of\_mount\_targets](#output\_number\_of\_mount\_targets) | Number of mount targets of the EFS file system. |
| [size\_in\_bytes](#output\_size\_in\_bytes) | Size of the EFS file system. |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.35 |
| [random](#provider\_random) | >= 3.4 |

## Resources

- resource.aws_efs_access_point.main (main.tf#48)
- resource.aws_efs_file_system.main (main.tf#3)
- resource.aws_efs_file_system_policy.main (main.tf#41)
- resource.aws_efs_mount_target.main (main.tf#32)
- resource.random_uuid.main (main.tf#1)
- data source.aws_iam_policy_document.main (data.tf#1)

# Examples

### Basic Example
```hcl
module "basic-example" {
  source = "../../"

  name            = var.storage_name
  private_subnets = var.private_subnets
  security_groups = var.security_groups
}
```

### With Enhanced Backups
```hcl
module "with-enhanced-backups" {
  source = "../../"

  name            = "efs1"
  private_subnets = ["subnet-12345678", "subnet-12345678"]
  security_groups = ["sg-12345678"]

  enable_enhanced_backups = true
}
```