Elastic File System (EFS) Module
Deploy an AWS Elastic File System for shared storage across EC2 instances and ECS tasks.
What You'll Build
- EFS with regional high availability
- Mount targets across availability zones
- Access points for POSIX access control
- Backup and lifecycle policies
- Performance mode and throughput settings
How to Use
```hcl
module "efs" {
  source = "github.com/nnthanh101/terraform-aws/modules/efs"

  name             = "app-shared-storage"
  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"
  encrypted        = true
  kms_key_id       = aws_kms_key.efs.arn

  mount_targets = {
    az1 = {
      subnet_id       = var.subnet_ids[0]
      security_groups = [aws_security_group.efs.id]
    }
    az2 = {
      subnet_id       = var.subnet_ids[1]
      security_groups = [aws_security_group.efs.id]
    }
  }

  access_points = {
    app = {
      path = "/app"
      posix_user = {
        uid = 1000
        gid = 1000
      }
      root_directory = {
        path = "/app"
        creation_info = {
          owner_uid   = 1000
          owner_gid   = 1000
          permissions = "755"
        }
      }
    }
  }

  tags = {
    Environment = "prod"
    Service     = "shared-storage"
  }
}
```
Key Variables
| Variable | Type | Purpose |
|---|---|---|
| name | string | EFS file system name |
| performance_mode | string | "generalPurpose" or "maxIO" |
| throughput_mode | string | "bursting" or "provisioned" |
| encrypted | bool | Enable encryption at rest |
| kms_key_id | string | KMS key ARN for encryption |
| mount_targets | map(object) | AZ-specific mount target configs |
| access_points | map(object) | POSIX-compliant application access |
| lifecycle_policy | object | Transition to infrequent access (IA) |
Outputs
| Output | Use Case |
|---|---|
| id | EFS file system ID for mount commands |
| arn | ARN for IAM policy references |
| dns_name | Domain name for NFS mounting |
| mount_targets | Mount target details per AZ |
| access_points | Access point IDs for ECS task volumes |
Integration
- EC2: Mount via NFSv4: `mount -t nfs4 -o nfsvers=4.1 ${dns_name}:/ /mnt/efs`
- ECS: Use access points in task definition volumes
- KMS: Encrypt data at rest with customer-managed key
- Backup: Enable AWS Backup for disaster recovery
- Security Groups: Control network access to mount targets
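
The usage block references `aws_security_group.efs` without defining it. As an added example (not part of the module or its repository), the following defines that group with an NFS-only rule and attaches a TLS-only file system policy using the module's `id` and `arn` outputs. `var.vpc_id` and `var.app_security_group_id` are assumed inputs, and the example assumes the module does not already manage a file system policy.

```hcl
resource "aws_security_group" "efs" {
  name        = "app-shared-storage-efs"
  description = "NFS (TCP 2049) to EFS mount targets from the app tier only"
  vpc_id      = var.vpc_id # assumed input
  ingress {
    from_port       = 2049
    to_port         = 2049
    protocol        = "tcp"
    security_groups = [var.app_security_group_id] # assumed input
  }
}

data "aws_iam_policy_document" "efs" {
  # A custom policy replaces the permissive default, so allow mount-target clients explicitly.
  statement {
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [module.efs.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "elasticfilesystem:AccessedViaMountTarget"
      values   = ["true"]
    }
  }
  # Refuse any client that does not connect over TLS.
  statement {
    effect    = "Deny"
    actions   = ["*"]
    resources = [module.efs.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "efs" {
  file_system_id = module.efs.id
  policy         = data.aws_iam_policy_document.efs.json
}
```

With this policy attached, the plain `mount -t nfs4` command listed above is refused; EC2 clients mount through the EFS mount helper from `amazon-efs-utils` with `mount -t efs -o tls` instead.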
Source Reference
Module: terraform-aws/modules/efs