EFS stands for Elastic File System. It is a managed Network File System (NFS) that can be mounted on several Linux EC2 instances to allow file sharing between them. EFS is multi-AZ, so it can be mounted on instances in different availability zones. This guide walks you through creating an EFS file system on AWS using a CloudFormation template.
The benefits of using an EFS include:
- Though more expensive than Elastic Block Store (EBS volumes), you only pay for what you use.
- It can easily scale up to petabytes of data.
- It provides encryption options, which help secure your data.
- It is highly available and durable.
The use cases for EFS include:
- Web Applications.
- Content management.
- Data analytics.
- Container storage.
Step 1: Check Prerequisites/Requirements
Before proceeding to create the EFS file system, the user needs to have:
- An AWS Account.
- Created a user with permissions to create resources on the AWS Account.
- An IDE like Visual Studio Code to write and edit your CloudFormation template.
- Created a VPC with subnets and an Internet Connection.
- Created an EC2 security group. EC2 instances will use it to connect to the EFS for mounting.
Step 2: Create the EFS File System
The EFS file system can be created manually or using a CloudFormation template.
Create EFS with CloudFormation Template
To use CloudFormation, start from the template below, which creates the EFS file system and the mount targets.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Create EFS system and Mount Targets for test VPC"
Parameters:
  VPC:
    Type: String
    Description: The VPC identity
    Default: vpc-ID
  SubnetID1:
    Type: String
    Description: The subnet where to launch the service
    Default: subnet-ID
  SubnetID2:
    Type: String
    Description: the subnet where to Launch the service
    Default: subnet-ID
  SubnetID3:
    Type: String
    Description: The subnet where to launch the service
    Default: subnet-ID
  SubnetID4:
    Type: String
    Description: the subnet where to Launch the service
    Default: subnet-ID
Resources:
  # Security group attached to the mount targets; it only admits NFS (tcp/2049)
  # from the security group of the EC2 instances.
  EFSSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "security group for the prod EFS"
      GroupName: "test-EFS-SG"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - SourceSecurityGroupId: sg-ID
          Description: "servers to connect to efs"
          FromPort: 2049
          IpProtocol: "tcp"
          ToPort: 2049
      Tags:
        - Key: Environment
          Value: prod
        - Key: Name
          Value: test-VPC-EFS-SG
        - Key: Project
          Value: test-blog
        - Key: createdBy
          Value: Maureen Barasa
  EFSFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      BackupPolicy:
        Status: ENABLED
      Encrypted: true
      LifecyclePolicies:
        - TransitionToIA: AFTER_60_DAYS
      PerformanceMode: generalPurpose
      ThroughputMode: bursting
      FileSystemTags:
        - Key: Environment
          Value: test
        - Key: Name
          Value: test-VPC-EFS
        - Key: Project
          Value: test-blog
        - Key: createdBy
          Value: Maureen Barasa
  # One mount target per subnet. "*.*.*.*" is a placeholder: replace it with an
  # unused IP address from the subnet's CIDR block.
  MountTarget1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID1
  MountTarget2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID2
  MountTarget3:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID3
  MountTarget4:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref EFSFileSystem
      IpAddress: "*.*.*.*"
      SecurityGroups:
        - !Ref EFSSecurityGroup
      SubnetId: !Ref SubnetID4
Outputs:
  EFS:
    Description: The created EFS
    Value: !Ref EFSFileSystem
  EFSMountTarget1:
    Description: The EFS MountTarget1
    Value: !Ref MountTarget1
  EFSMountTarget2:
    Description: The EFS MountTarget2
    Value: !Ref MountTarget2
  EFSMountTarget3:
    Description: The EFS MountTarget3
    Value: !Ref MountTarget3
  EFSMountTarget4:
    Description: The EFS MountTarget4
    Value: !Ref MountTarget4
```
Deploy the template either through CodePipeline or by creating a stack on the CloudFormation console.
The CloudFormation Template Explained
The template comprises 3 sections: the Parameters, Resources and Outputs sections.
In the Parameters section, we require the user to input the dynamic variables of their template. For our case, the user should replace the:
- VPC ID (Replace with your VPC ID)
- Subnet ID (Replace with your subnet IDs)
Also, the subnets included should be the subnets where the user intends to create the mount targets for the EFS.
In the Resources section, the user defines the AWS resources to create. For our case, we start by creating the EFS security group. The user should change:
- SourceSecurityGroupId (Should reflect the security group of the EC2 instances that should access the EFS).
Next, it creates the EFS file system. The user should go through the file system properties and change to their specific requirements. For example:
- Performance mode (We can choose either general-purpose or maximum IO (Max IO))
- Throughput mode (The user can choose either bursting or provisioned)
Also, the user should pay attention to the tags to customize as needed.
Finally, the mount targets are created. Here the user should change:
- The IP address of each mount target (It should reflect an unused IP on the subnet CIDR block).
For example, if your subnet block CIDR is 10.0.0.0/26, the first 5 IPs and the last IP are reserved. Hence the user can use any unassigned IP from 10.0.0.7 to 10.0.0.62.
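The settings covered in this section (encryption on the file system, and NFS ingress limited to the EC2 security group) can be checked before the stack is deployed. The Python check below is an added example, not part of the original article; it assumes the template has been loaded in its JSON/dict form, where `!Ref X` appears as `{"Ref": "X"}`, and the names `review_efs_template`, `sample_template`, `AS_WRITTEN` and `LOOSENED` are hypothetical, with constructed sample data.

```python
NFS_PORT = "2049"  # the only port the article's EFS security group opens

def review_efs_template(template):
    """Return findings for the EFS resources in a CloudFormation template dict."""
    resources = template.get("Resources", {})
    findings, efs_groups = [], set()
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EFS::FileSystem":
            # CloudFormation accepts true or "true"; anything else leaves it unencrypted.
            if str(props.get("Encrypted")).lower() != "true":
                findings.append(f"{name}: Encrypted is not true")
        elif res.get("Type") == "AWS::EFS::MountTarget":
            refs = {g["Ref"] for g in props.get("SecurityGroups", [])
                    if isinstance(g, dict) and "Ref" in g}
            if not refs:
                findings.append(f"{name}: security groups are not referenced with Ref")
            efs_groups |= refs
    # Review only the security groups that actually front a mount target.
    for name in sorted(efs_groups):
        props = resources.get(name, {}).get("Properties", {})
        for rule in props.get("SecurityGroupIngress", []):
            opened = tuple(str(rule.get(k)) for k in ("IpProtocol", "FromPort", "ToPort"))
            if opened != ("tcp", NFS_PORT, NFS_PORT):
                findings.append(f"{name}: ingress is not limited to tcp/{NFS_PORT}")
            if "SourceSecurityGroupId" not in rule:
                findings.append(f"{name}: ingress source is not a security group")
    return findings

def sample_template(encrypted, ingress_rule):
    """Constructed sample shaped like the article's template (one mount target)."""
    return {"Resources": {
        "EFSSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                             "Properties": {"SecurityGroupIngress": [ingress_rule]}},
        "EFSFileSystem": {"Type": "AWS::EFS::FileSystem",
                          "Properties": {"Encrypted": encrypted}},
        "MountTarget1": {"Type": "AWS::EFS::MountTarget",
                         "Properties": {"FileSystemId": {"Ref": "EFSFileSystem"},
                                        "SecurityGroups": [{"Ref": "EFSSecurityGroup"}]}},
    }}

# Constructed inputs: the article's settings, and a variant with both controls removed.
AS_WRITTEN = sample_template(True, {"SourceSecurityGroupId": "sg-ID", "IpProtocol": "tcp",
                                    "FromPort": 2049, "ToPort": 2049})
LOOSENED = sample_template(False, {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp",
                                   "FromPort": 0, "ToPort": 65535})

if __name__ == "__main__":
    for label, tpl in (("as written", AS_WRITTEN), ("loosened", LOOSENED)):
        print(label, review_efs_template(tpl))
```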
The outputs section of the template instructs CloudFormation to output the names of the resources created. For example, in our case, we have instructed the template to output:
- Name/ID of the EFS created.
- Names/IDs of the mount targets created.
Create the EFS Manually on EFS Console
On the EFS console, select file systems. Then click create file system.
Next, on the create file system screen click customize.
Then, input your file system settings as per your specific requirements.
Now, the user should input the network access settings for the file system. This includes the VPC, the subnets for the mount targets, and the security groups. When done click next.
After that, the user should set the policy for their EFS. This part is optional, though. When done click next.
Finally, the user can review the settings and click create if satisfied with everything. Your file system will now be created.
Watch out for my next article where I explain how to Mount the EFS to your Linux instances.