https://github.com/terraform-aws-modules/terraform-aws-efs

Terraform module to create AWS EFS resources 🇺🇦
aws-efs elastic-file-system terraform terraform-aws-module terraform-module

# AWS EFS Terraform module

Terraform module which creates AWS EFS (elastic file system) resources.

[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)

## Usage

See [`examples`](https://github.com/terraform-aws-modules/terraform-aws-efs/tree/master/examples) directory for working examples to reference:

```hcl
module "efs" {
  source = "terraform-aws-modules/efs/aws"

  # File system
  name           = "example"
  creation_token = "example-token"
  encrypted      = true
  kms_key_arn    = "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

  # performance_mode                = "maxIO"
  # NB! PROVISIONED THROUGHPUT MODE WITH 256 MIBPS IS EXPENSIVE ~$1500/month
  # throughput_mode                 = "provisioned"
  # provisioned_throughput_in_mibps = 256

  lifecycle_policy = {
    transition_to_ia = "AFTER_30_DAYS"
  }

  # File system policy
  attach_policy                      = true
  bypass_policy_lockout_safety_check = false
  policy_statements = [
    {
      sid     = "Example"
      actions = ["elasticfilesystem:ClientMount"]
      principals = [
        {
          type        = "AWS"
          identifiers = ["arn:aws:iam::111122223333:role/EfsReadOnly"]
        }
      ]
    }
  ]

  # Mount targets / security group
  mount_targets = {
    "eu-west-1a" = {
      subnet_id = "subnet-abcde012"
    }
    "eu-west-1b" = {
      subnet_id = "subnet-bcde012a"
    }
    "eu-west-1c" = {
      subnet_id = "subnet-fghi345a"
    }
  }
  security_group_description = "Example EFS security group"
  security_group_vpc_id      = "vpc-1234556abcdef"
  security_group_rules = {
    vpc = {
      # relying on the defaults provided for EFS/NFS (2049/TCP + ingress)
      description = "NFS ingress from VPC private subnets"
      cidr_blocks = ["10.99.3.0/24", "10.99.4.0/24", "10.99.5.0/24"]
    }
  }

  # Access point(s)
  access_points = {
    posix_example = {
      name = "posix-example"
      posix_user = {
        gid            = 1001
        uid            = 1001
        secondary_gids = [1002]
      }

      tags = {
        Additional = "yes"
      }
    }
    root_example = {
      root_directory = {
        path = "/example"
        creation_info = {
          owner_gid   = 1001
          owner_uid   = 1001
          permissions = "755"
        }
      }
    }
  }

  # Backup policy
  enable_backup_policy = true

  # Replication configuration
  create_replication_configuration = true
  replication_configuration_destination = {
    region = "eu-west-2"
  }

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}
```

## Examples

Examples codified under the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-efs/tree/master/examples) are intended to give users references for how to use the module(s) as well as testing/validating changes to the source code of the module. If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!

- [Complete](https://github.com/terraform-aws-modules/terraform-aws-efs/tree/master/examples/complete)

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
| [aws](#requirement\_aws) | >= 5.35 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.35 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_efs_access_point.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point) | resource |
| [aws_efs_backup_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_backup_policy) | resource |
| [aws_efs_file_system.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource |
| [aws_efs_file_system_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system_policy) | resource |
| [aws_efs_mount_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource |
| [aws_efs_replication_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_replication_configuration) | resource |
| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_iam_policy_document.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_points](#input\_access\_points) | A map of access point definitions to create | `any` | `{}` | no |
| [attach\_policy](#input\_attach\_policy) | Determines whether a policy is attached to the file system | `bool` | `true` | no |
| [availability\_zone\_name](#input\_availability\_zone\_name) | The AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes | `string` | `null` | no |
| [bypass\_policy\_lockout\_safety\_check](#input\_bypass\_policy\_lockout\_safety\_check) | A flag to indicate whether to bypass the `aws_efs_file_system_policy` lockout safety check. Defaults to `false` | `bool` | `null` | no |
| [create](#input\_create) | Determines whether resources will be created (affects all resources) | `bool` | `true` | no |
| [create\_backup\_policy](#input\_create\_backup\_policy) | Determines whether a backup policy is created | `bool` | `true` | no |
| [create\_replication\_configuration](#input\_create\_replication\_configuration) | Determines whether a replication configuration is created | `bool` | `false` | no |
| [create\_security\_group](#input\_create\_security\_group) | Determines whether a security group is created | `bool` | `true` | no |
| [creation\_token](#input\_creation\_token) | A unique name (a maximum of 64 characters are allowed) used as reference when creating the Elastic File System to ensure idempotent file system creation. By default generated by Terraform | `string` | `null` | no |
| [deny\_nonsecure\_transport](#input\_deny\_nonsecure\_transport) | Determines whether `aws:SecureTransport` is required when connecting to elastic file system | `bool` | `true` | no |
| [deny\_nonsecure\_transport\_via\_mount\_target](#input\_deny\_nonsecure\_transport\_via\_mount\_target) | Determines whether to use the common policy option for denying nonsecure transport which allows all AWS principals when accessed via EFS mounted target | `bool` | `true` | no |
| [enable\_backup\_policy](#input\_enable\_backup\_policy) | Determines whether a backup policy is `ENABLED` or `DISABLED` | `bool` | `true` | no |
| [encrypted](#input\_encrypted) | If `true`, the disk will be encrypted | `bool` | `true` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN for the KMS encryption key. When specifying `kms_key_arn`, encrypted needs to be set to `true` | `string` | `null` | no |
| [lifecycle\_policy](#input\_lifecycle\_policy) | A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object | `any` | `{}` | no |
| [mount\_targets](#input\_mount\_targets) | A map of mount target definitions to create | `any` | `{}` | no |
| [name](#input\_name) | The name of the file system | `string` | `""` | no |
| [override\_policy\_documents](#input\_override\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` | `list(string)` | `[]` | no |
| [performance\_mode](#input\_performance\_mode) | The file system performance mode. Can be either `generalPurpose` or `maxIO`. Default is `generalPurpose` | `string` | `null` | no |
| [policy\_statements](#input\_policy\_statements) | A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage | `any` | `[]` | no |
| [protection](#input\_protection) | A map of file protection configurations | `any` | `{}` | no |
| [provisioned\_throughput\_in\_mibps](#input\_provisioned\_throughput\_in\_mibps) | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned` | `number` | `null` | no |
| [replication\_configuration\_destination](#input\_replication\_configuration\_destination) | A destination configuration block | `any` | `{}` | no |
| [security\_group\_description](#input\_security\_group\_description) | Security group description. Defaults to Managed by Terraform | `string` | `null` | no |
| [security\_group\_name](#input\_security\_group\_name) | Name to assign to the security group. If omitted, Terraform will assign a random, unique name | `string` | `null` | no |
| [security\_group\_rules](#input\_security\_group\_rules) | Map of security group rule definitions to create | `any` | `{}` | no |
| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether to use a name prefix for the security group. If `true`, the `security_group_name` value will be used as a prefix | `bool` | `false` | no |
| [security\_group\_vpc\_id](#input\_security\_group\_vpc\_id) | The VPC ID where the security group will be created | `string` | `null` | no |
| [source\_policy\_documents](#input\_source\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s | `list(string)` | `[]` | no |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
| [throughput\_mode](#input\_throughput\_mode) | Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `elastic`, and `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps` | `string` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [access\_points](#output\_access\_points) | Map of access points created and their attributes |
| [arn](#output\_arn) | Amazon Resource Name of the file system |
| [dns\_name](#output\_dns\_name) | The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html) |
| [id](#output\_id) | The ID that identifies the file system (e.g., `fs-ccfc0d65`) |
| [mount\_targets](#output\_mount\_targets) | Map of mount targets created and their attributes |
| [replication\_configuration\_destination\_file\_system\_id](#output\_replication\_configuration\_destination\_file\_system\_id) | The file system ID of the replica |
| [security\_group\_arn](#output\_security\_group\_arn) | ARN of the security group |
| [security\_group\_id](#output\_security\_group\_id) | ID of the security group |
| [size\_in\_bytes](#output\_size\_in\_bytes) | The latest known metered size (in bytes) of data stored in the file system, the value is not the exact size that the file system was at any point in time |

## License

Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-efs/blob/master/LICENSE).