file_systems
Creates, updates, deletes or gets a file_system resource or lists file_systems in a region
Overview
| Name | file_systems |
| Type | Resource |
| Description | The ``AWS::EFS::FileSystem`` resource creates a new, empty file system in EFSlong (EFS). You must create a mount target ([AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html)) to mount your EFS file system on an EC2 or other AWS cloud compute resource. |
| Id | awscc.efs.file_systems |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
file_system_id | string | |
arn | string | |
encrypted | boolean | A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing kms-key-long. If you don't specify a kms-key, then the default kms-key for EFS, ``/aws/elasticfilesystem``, is used to protect the encrypted file system. |
file_system_tags | array | Use to create one or more tags associated with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a ``"Key":"Name","Value":"{value}"`` key-value pair. Each key must be unique. For more information, see [Tagging resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *General Reference Guide*. |
kms_key_id | string | The ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats:<br />+ Key ID - A unique identifier of the key, for example ``1234abcd-12ab-34cd-56ef-1234567890ab``.<br />+ ARN - An Amazon Resource Name (ARN) for the key, for example ``arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``.<br />+ Key alias - A previously created display name for a key, for example ``alias/projectKey1``.<br />+ Key alias ARN - An ARN for a key alias, for example ``arn:aws:kms:us-west-2:444455556666:alias/projectKey1``.<br /><br />If ``KmsKeyId`` is specified, the ``Encrypted`` parameter must be set to true. |
lifecycle_policies | array | An array of ``LifecyclePolicy`` objects that define the file system's ``LifecycleConfiguration`` object. A ``LifecycleConfiguration`` object informs Lifecycle management of the following:<br />+ When to move files in the file system from primary storage to IA storage.<br />+ When to move files in the file system from primary storage or IA storage to Archive storage.<br />+ When to move files that are in IA or Archive storage to primary storage.<br /><br />EFS requires that each ``LifecyclePolicy`` object have only a single transition. This means that in a request body, ``LifecyclePolicies`` needs to be structured as an array of ``LifecyclePolicy`` objects, one object for each transition, ``TransitionToIA``, ``TransitionToArchive````TransitionToPrimaryStorageClass``. See the example requests in the following section for more information. |
file_system_protection | object | Describes the protection on the file system. |
performance_mode | string | The performance mode of the file system. We recommend ``generalPurpose`` performance mode for all file systems. File systems using the ``maxIO`` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The ``maxIO`` mode is not supported on One Zone file systems.<br />Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.<br />Default is ``generalPurpose``. |
provisioned_throughput_in_mibps | number | The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ``ThroughputMode`` is set to ``provisioned``. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact SUP. For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide*. |
throughput_mode | string | Specifies the throughput mode for the file system. The mode can be ``bursting``, ``provisioned``, or ``elastic``. If you set ``ThroughputMode`` to ``provisioned``, you must also set a value for ``ProvisionedThroughputInMibps``. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*. <br />Default is ``bursting``. |
file_system_policy | object | The ``FileSystemPolicy`` for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide*. |
bypass_policy_lockout_safety_check | boolean | (Optional) A boolean that specifies whether or not to bypass the ``FileSystemPolicy`` lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future ``PutFileSystemPolicy`` requests on this file system. Set ``BypassPolicyLockoutSafetyCheck`` to ``True`` only when you intend to prevent the IAM principal that is making the request from making subsequent ``PutFileSystemPolicy`` requests on this file system. The default value is ``False``. |
backup_policy | object | Use the ``BackupPolicy`` to turn automatic backups on or off for the file system. |
availability_zone_name | string | For One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format ``us-east-1a`` to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*.<br />One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available. |
replication_configuration | object | Describes the replication configuration for a specific file system. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
file_system_id | string | |
region | string | AWS region. |
For more information, see AWS::EFS::FileSystem.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | file_systems | INSERT | region |
delete_resource | file_systems | DELETE | Identifier, region |
update_resource | file_systems | UPDATE | Identifier, PatchDocument, region |
list_resources | file_systems_list_only | SELECT | region |
get_resource | file_systems | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual file_system.
SELECT
region,
file_system_id,
arn,
encrypted,
file_system_tags,
kms_key_id,
lifecycle_policies,
file_system_protection,
performance_mode,
provisioned_throughput_in_mibps,
throughput_mode,
file_system_policy,
bypass_policy_lockout_safety_check,
backup_policy,
availability_zone_name,
replication_configuration
FROM awscc.efs.file_systems
WHERE
region = 'us-east-1' AND
Identifier = '{{ file_system_id }}';
Lists all file_systems in a region.
SELECT
region,
file_system_id
FROM awscc.efs.file_systems_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new file_system resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ encrypted }}',
'{{ file_system_tags }}',
'{{ kms_key_id }}',
'{{ lifecycle_policies }}',
'{{ file_system_protection }}',
'{{ performance_mode }}',
'{{ provisioned_throughput_in_mibps }}',
'{{ throughput_mode }}',
'{{ file_system_policy }}',
'{{ bypass_policy_lockout_safety_check }}',
'{{ backup_policy }}',
'{{ availability_zone_name }}',
'{{ replication_configuration }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ encrypted }}',
'{{ file_system_tags }}',
'{{ kms_key_id }}',
'{{ lifecycle_policies }}',
'{{ file_system_protection }}',
'{{ performance_mode }}',
'{{ provisioned_throughput_in_mibps }}',
'{{ throughput_mode }}',
'{{ file_system_policy }}',
'{{ bypass_policy_lockout_safety_check }}',
'{{ backup_policy }}',
'{{ availability_zone_name }}',
'{{ replication_configuration }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: file_system
props:
- name: encrypted
value: '{{ encrypted }}'
- name: file_system_tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: kms_key_id
value: '{{ kms_key_id }}'
- name: lifecycle_policies
value:
- transition_to_ia: '{{ transition_to_ia }}'
transition_to_primary_storage_class: '{{ transition_to_primary_storage_class }}'
transition_to_archive: '{{ transition_to_archive }}'
- name: file_system_protection
value:
replication_overwrite_protection: '{{ replication_overwrite_protection }}'
- name: performance_mode
value: '{{ performance_mode }}'
- name: provisioned_throughput_in_mibps
value: null
- name: throughput_mode
value: '{{ throughput_mode }}'
- name: file_system_policy
value: {}
- name: bypass_policy_lockout_safety_check
value: '{{ bypass_policy_lockout_safety_check }}'
- name: backup_policy
value:
status: '{{ status }}'
- name: availability_zone_name
value: '{{ availability_zone_name }}'
- name: replication_configuration
value:
destinations:
- status: '{{ status }}'
status_message: '{{ status_message }}'
file_system_id: '{{ file_system_id }}'
region: '{{ region }}'
role_arn: '{{ role_arn }}'
availability_zone_name: '{{ availability_zone_name }}'
kms_key_id: '{{ kms_key_id }}'
UPDATE example
Use the following StackQL query and manifest file to update a file_system resource, using stack-deploy.
/*+ update */
UPDATE awscc.efs.file_systems
SET PatchDocument = string('{{ {
"FileSystemTags": file_system_tags,
"LifecyclePolicies": lifecycle_policies,
"FileSystemProtection": file_system_protection,
"ProvisionedThroughputInMibps": provisioned_throughput_in_mibps,
"ThroughputMode": throughput_mode,
"FileSystemPolicy": file_system_policy,
"BypassPolicyLockoutSafetyCheck": bypass_policy_lockout_safety_check,
"BackupPolicy": backup_policy
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ file_system_id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.efs.file_systems
WHERE
Identifier = '{{ file_system_id }}' AND
region = 'us-east-1';
Permissions
To operate on the file_systems resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
elasticfilesystem:CreateFileSystem,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:TagResource,
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant,
iam:PassRole,
iam:CreateServiceLinkedRole
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DeleteFileSystemPolicy,
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:DeleteTags,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:ListTagsForResource,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:TagResource,
elasticfilesystem:UntagResource,
elasticfilesystem:UpdateFileSystem,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant,
iam:PassRole,
iam:CreateServiceLinkedRole
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DeleteFileSystem,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations