file_systems
Creates, updates, deletes or gets a file_system resource or lists file_systems in a region
Overview
| Name | file_systems |
| Type | Resource |
| Description | The ``AWS::EFS::FileSystem`` resource creates a new, empty file system in EFSlong (EFS). You must create a mount target ([AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html)) to mount your EFS file system on an EC2 or other AWS cloud compute resource. |
| Id | awscc.efs.file_systems |
Fields
| Name | Datatype | Description |
|---|---|---|
file_system_id | string | |
arn | string | |
encrypted | boolean | A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing kms-key-long. If you don't specify a kms-key, then the default kms-key for EFS, ``/aws/elasticfilesystem``, is used to protect the encrypted file system. |
file_system_tags | array | Use to create one or more tags associated with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a ``"Key":"Name","Value":"{value}"`` key-value pair. Each key must be unique. For more information, see [Tagging resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *General Reference Guide*. |
kms_key_id | string | The ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats:<br />+ Key ID - A unique identifier of the key, for example ``1234abcd-12ab-34cd-56ef-1234567890ab``.<br />+ ARN - An Amazon Resource Name (ARN) for the key, for example ``arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``.<br />+ Key alias - A previously created display name for a key, for example ``alias/projectKey1``.<br />+ Key alias ARN - An ARN for a key alias, for example ``arn:aws:kms:us-west-2:444455556666:alias/projectKey1``.<br /><br />If ``KmsKeyId`` is specified, the ``Encrypted`` parameter must be set to true. |
lifecycle_policies | array | An array of ``LifecyclePolicy`` objects that define the file system's ``LifecycleConfiguration`` object. A ``LifecycleConfiguration`` object informs Lifecycle management of the following:<br />+ When to move files in the file system from primary storage to IA storage.<br />+ When to move files in the file system from primary storage or IA storage to Archive storage.<br />+ When to move files that are in IA or Archive storage to primary storage.<br /><br />EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive````TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. |
file_system_protection | object | Describes the protection on the file system. |
performance_mode | string | The performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems.<br />Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.<br />Default is ``generalPurpose``. |
provisioned_throughput_in_mibps | number | The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ``ThroughputMode`` is set to ``provisioned``. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact SUP. For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide*. |
throughput_mode | string | Specifies the throughput mode for the file system. The mode can be ``bursting``, ``provisioned``, or ``elastic``. If you set ``ThroughputMode`` to ``provisioned``, you must also set a value for ``ProvisionedThroughputInMibps``. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*. <br />Default is ``bursting``. |
file_system_policy | object | The ``FileSystemPolicy`` for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide*. |
bypass_policy_lockout_safety_check | boolean | (Optional) A boolean that specifies whether or not to bypass the ``FileSystemPolicy`` lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future ``PutFileSystemPolicy`` requests on this file system. Set ``BypassPolicyLockoutSafetyCheck`` to ``True`` only when you intend to prevent the IAM principal that is making the request from making subsequent ``PutFileSystemPolicy`` requests on this file system. The default value is ``False``. |
backup_policy | object | Use the ``BackupPolicy`` to turn automatic backups on or off for the file system. |
availability_zone_name | string | For One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format ``us-east-1a`` to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*.<br />One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available. |
replication_configuration | object | Describes the replication configuration for a specific file system. |
region | string | AWS region. |
For more information, see AWS::EFS::FileSystem.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all properties from an individual file_system.
SELECT
region,
file_system_id,
arn,
encrypted,
file_system_tags,
kms_key_id,
lifecycle_policies,
file_system_protection,
performance_mode,
provisioned_throughput_in_mibps,
throughput_mode,
file_system_policy,
bypass_policy_lockout_safety_check,
backup_policy,
availability_zone_name,
replication_configuration
FROM awscc.efs.file_systems
WHERE region = 'us-east-1' AND data__Identifier = '<FileSystemId>';
INSERT example
Use the following StackQL query and manifest file to create a new file_system resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ Encrypted }}',
'{{ FileSystemTags }}',
'{{ KmsKeyId }}',
'{{ LifecyclePolicies }}',
'{{ FileSystemProtection }}',
'{{ PerformanceMode }}',
'{{ ProvisionedThroughputInMibps }}',
'{{ ThroughputMode }}',
'{{ FileSystemPolicy }}',
'{{ BypassPolicyLockoutSafetyCheck }}',
'{{ BackupPolicy }}',
'{{ AvailabilityZoneName }}',
'{{ ReplicationConfiguration }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ Encrypted }}',
'{{ FileSystemTags }}',
'{{ KmsKeyId }}',
'{{ LifecyclePolicies }}',
'{{ FileSystemProtection }}',
'{{ PerformanceMode }}',
'{{ ProvisionedThroughputInMibps }}',
'{{ ThroughputMode }}',
'{{ FileSystemPolicy }}',
'{{ BypassPolicyLockoutSafetyCheck }}',
'{{ BackupPolicy }}',
'{{ AvailabilityZoneName }}',
'{{ ReplicationConfiguration }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: file_system
props:
- name: Encrypted
value: '{{ Encrypted }}'
- name: FileSystemTags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: KmsKeyId
value: '{{ KmsKeyId }}'
- name: LifecyclePolicies
value:
- TransitionToIA: '{{ TransitionToIA }}'
TransitionToPrimaryStorageClass: '{{ TransitionToPrimaryStorageClass }}'
TransitionToArchive: '{{ TransitionToArchive }}'
- name: FileSystemProtection
value:
ReplicationOverwriteProtection: '{{ ReplicationOverwriteProtection }}'
- name: PerformanceMode
value: '{{ PerformanceMode }}'
- name: ProvisionedThroughputInMibps
value: null
- name: ThroughputMode
value: '{{ ThroughputMode }}'
- name: FileSystemPolicy
value: {}
- name: BypassPolicyLockoutSafetyCheck
value: '{{ BypassPolicyLockoutSafetyCheck }}'
- name: BackupPolicy
value:
Status: '{{ Status }}'
- name: AvailabilityZoneName
value: '{{ AvailabilityZoneName }}'
- name: ReplicationConfiguration
value:
Destinations:
- Status: '{{ Status }}'
StatusMessage: '{{ StatusMessage }}'
FileSystemId: '{{ FileSystemId }}'
Region: '{{ Region }}'
RoleArn: '{{ RoleArn }}'
AvailabilityZoneName: '{{ AvailabilityZoneName }}'
KmsKeyId: '{{ KmsKeyId }}'
DELETE example
/*+ delete */
DELETE FROM awscc.efs.file_systems
WHERE data__Identifier = '<FileSystemId>'
AND region = 'us-east-1';
Permissions
To operate on the file_systems resource, the following permissions are required:
Create
elasticfilesystem:CreateFileSystem,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:TagResource,
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant,
iam:PassRole,
iam:CreateServiceLinkedRole
Read
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
Update
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DeleteFileSystemPolicy,
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:DeleteTags,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:ListTagsForResource,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:TagResource,
elasticfilesystem:UntagResource,
elasticfilesystem:UpdateFileSystem,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant,
iam:PassRole,
iam:CreateServiceLinkedRole
Delete
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DeleteFileSystem,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
List
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations