You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

EFS is the acronym for Elastic File System. It is a managed NFS (NFSv4) file system that can be mounted on many Linux EC2 instances at the same time to share files between them. EFS is regional and multi-AZ: a file system gets a mount target in each Availability Zone you choose, so instances in different availability zones can mount it. This guide walks you through creating an EFS file system on AWS with a CloudFormation template.

The benefits of using EFS include:

  • You pay only for the storage you actually use; there is no capacity to provision up front, though the per-GB price is higher than Elastic Block Store (EBS) volumes.
  • It scales to petabytes of data without any intervention.
  • Encryption at rest (with a KMS key) and in transit (TLS, via the EFS mount helper) are available, and access can be restricted with security groups and a file system policy.
  • It is highly available and durable; data is stored redundantly across multiple Availability Zones.

The Use cases for EFS Include:

  • Web Applications.
  • Content management.
  • Data analytics.
  • Container storage.

How EFS works (figure). Source: https://aws.amazon.com/efs/

Step 1: Check Prerequisites/Requirements

Before creating the EFS file system, the user needs:

  • An AWS account.
  • An IAM user or role with permissions to create EFS file systems, EC2 security groups and CloudFormation stacks.
  • An editor such as Visual Studio Code to write and edit the CloudFormation template.
  • A VPC with a subnet in each Availability Zone where a mount target is wanted. Mount targets have private IP addresses inside the VPC, so no internet connectivity is needed for mounting (the instances may still need it for other reasons).
  • A security group attached to the EC2 instances that will mount the EFS. The template references it as the only allowed source of NFS traffic to the mount targets.

Step 2: Create the EFS File System

The EFS file system can be created manually or using a CloudFormation template.

Create EFS with CloudFormation Template

With CloudFormation, the template below creates the file system, its security group and one mount target per subnet.

AWSTemplateFormatVersion: "2010-09-09"
Description: "Create EFS file system and Mount Targets for test VPC"

Parameters:
    VPC:
        Type: AWS::EC2::VPC::Id
        Description: The VPC in which the mount targets are created

    SubnetID1:
        Type: AWS::EC2::Subnet::Id
        Description: First subnet in which to create a mount target (one subnet per Availability Zone)

    SubnetID2:
        Type: AWS::EC2::Subnet::Id
        Description: Second subnet in which to create a mount target

    SubnetID3:
        Type: AWS::EC2::Subnet::Id
        Description: Third subnet in which to create a mount target

    SubnetID4:
        Type: AWS::EC2::Subnet::Id
        Description: Fourth subnet in which to create a mount target

    AppSecurityGroupId:
        Type: AWS::EC2::SecurityGroup::Id
        Description: Security group of the EC2 instances that are allowed to mount the EFS

Resources:
    EFSSecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
            GroupDescription: "security group for the test EFS"
            GroupName: "test-EFS-SG"
            VpcId: !Ref VPC
            # NFS only (TCP 2049), and only from the application instances' security group.
            # No CIDR-based rule, so nothing outside that group can reach the mount targets.
            SecurityGroupIngress: 
              - 
                SourceSecurityGroupId: !Ref AppSecurityGroupId
                Description: "servers to connect to efs"
                FromPort: 2049
                IpProtocol: "tcp"
                ToPort: 2049
            Tags:
              - 
                Key: Environment
                Value: test
              - 
                Key: Name
                Value: test-VPC-EFS-SG
              - 
                Key: Project
                Value: test-blog
              - 
                Key: createdBy
                Value: Maureen Barasa

    EFSFileSystem:
        Type: AWS::EFS::FileSystem
        Properties:
            BackupPolicy:
              Status: ENABLED
            # Encryption at rest can only be chosen at creation time. Without a KmsKeyId
            # the AWS managed key aws/elasticfilesystem is used.
            Encrypted: true
            LifecyclePolicies:
              - TransitionToIA: AFTER_60_DAYS
            PerformanceMode: generalPurpose
            ThroughputMode: bursting
            FileSystemTags: 
              - 
                Key: Environment
                Value: test
              - 
                Key: Name
                Value: test-VPC-EFS
              - 
                Key: Project
                Value: test-blog
              - 
                Key: createdBy
                Value: Maureen Barasa

    MountTarget1:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            # IpAddress is omitted, so EFS assigns a free address in the subnet. Set it only
            # if you need a fixed address; it must be unused and not one AWS reserves.
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID1

    MountTarget2:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID2

    MountTarget3:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID3

    MountTarget4:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID4

Outputs:
  EFS:
    Description: The ID of the created EFS file system
    Value: !Ref EFSFileSystem

  EFSMountTarget1:
    Description: The EFS MountTarget1
    Value: !Ref MountTarget1

  EFSMountTarget2:
    Description: The EFS MountTarget2
    Value: !Ref MountTarget2

  EFSMountTarget3:
    Description: The EFS MountTarget3
    Value: !Ref MountTarget3

  EFSMountTarget4:
    Description: The EFS MountTarget4
    Value: !Ref MountTarget4

We deploy the template by creating a stack in the CloudFormation console, from a CodePipeline, or with the AWS CLI (aws cloudformation deploy).

The CloudFormation Template Explained

The template comprises 3 sections. The Parameters, Resources and Outputs sections.

Parameters:

In the Parameters section, the user supplies the values that are specific to their environment. For our case, the user should provide:

  • VPC ID (the VPC in which the mount targets are created)
  • Subnet IDs (one per mount target)

The subnets should be the ones in which the user intends to create the mount targets for the EFS. A file system can have only one mount target per Availability Zone, so each subnet must be in a different AZ; clients in an AZ mount through the mount target in that AZ.

Resources:

Here the user defines the AWS resources to create. For our case, we start with the EFS security group. It allows only TCP port 2049 (NFS), and only from a single source security group:

  • The source security group of the ingress rule must be the one attached to the EC2 instances that should access the EFS. Do not open port 2049 to a CIDR range such as 0.0.0.0/0: anything that can reach a mount target over the network can otherwise attempt to mount the file system.

Next, it creates the EFS file system. The user should go through the file system properties and adjust them to their specific requirements. For example:

  • Performance mode (generalPurpose or maxIO)
  • Throughput mode (bursting or provisioned)
  • Encryption at rest (Encrypted: true uses the AWS managed key aws/elasticfilesystem unless a KmsKeyId is given). This can only be chosen when the file system is created; an unencrypted file system cannot be encrypted later.

Also, the user should pay attention to the tags and customize them as needed.

Finally, the mount targets are created, one per subnet, each attached to the EFS security group. The IpAddress property of a mount target is optional: when it is omitted, EFS picks an unused address in the subnet; when the user sets it, it must be an unused IP in the subnet CIDR block that is not one of the addresses AWS reserves.

For example, if your subnet CIDR block is 10.0.0.0/26, AWS reserves the first four addresses (10.0.0.0 network address, 10.0.0.1 VPC router, 10.0.0.2 DNS, 10.0.0.3 reserved for future use) and the last one (10.0.0.63, broadcast). Hence the user can use any unassigned IP from 10.0.0.4 to 10.0.0.62.

Outputs:

The Outputs section instructs CloudFormation to return values from the stack once it is created. A !Ref of an AWS::EFS::FileSystem resource resolves to the file system ID and a !Ref of an AWS::EFS::MountTarget to the mount target ID, so our template outputs:

  • The ID of the EFS file system created.
  • The IDs of the mount targets created.
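As an added example (not part of the original article), the following Python script checks a CloudFormation template for the points made above before it is deployed: the file system is encrypted and backed up, the security group admits only TCP 2049 from a source security group rather than a CIDR, every mount target uses a security group defined in the template, and any explicit IpAddress falls inside the usable range of its subnet. The template is a constructed JSON version of the one above (CloudFormation accepts JSON as well as YAML, which avoids needing a YAML parser here), the subnet CIDR map is an assumption because the template only carries subnet IDs, and MountTarget1 deliberately uses 10.0.0.2, a reserved address, so that the check fires.

```python
import ipaddress
import json

NFS_PORT = 2049

# Constructed JSON form of the article's template (CloudFormation accepts JSON as
# well as YAML). MountTarget1 deliberately sets 10.0.0.2, an address AWS reserves.
TEMPLATE_JSON = r"""
{"Resources": {
  "EFSSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "security group for the test EFS", "VpcId": {"Ref": "VPC"},
    "SecurityGroupIngress": [{"SourceSecurityGroupId": {"Ref": "AppSecurityGroupId"},
                              "IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049}]}},
  "EFSFileSystem": {"Type": "AWS::EFS::FileSystem", "Properties": {
    "Encrypted": true, "BackupPolicy": {"Status": "ENABLED"},
    "PerformanceMode": "generalPurpose", "ThroughputMode": "bursting"}},
  "MountTarget1": {"Type": "AWS::EFS::MountTarget", "Properties": {
    "FileSystemId": {"Ref": "EFSFileSystem"}, "IpAddress": "10.0.0.2",
    "SecurityGroups": [{"Ref": "EFSSecurityGroup"}], "SubnetId": {"Ref": "SubnetID1"}}},
  "MountTarget2": {"Type": "AWS::EFS::MountTarget", "Properties": {
    "FileSystemId": {"Ref": "EFSFileSystem"},
    "SecurityGroups": [{"Ref": "EFSSecurityGroup"}], "SubnetId": {"Ref": "SubnetID2"}}}
}}
"""

# Assumed CIDRs of the subnets behind the subnet parameters (the template only
# carries their IDs; in practice look them up with ec2 describe-subnets).
SUBNET_CIDRS = {"SubnetID1": "10.0.0.0/26", "SubnetID2": "10.0.0.64/26"}


def usable_host_ips(cidr):
    """Addresses a mount target may take. AWS reserves the first four addresses of
    every VPC subnet (network, router, DNS, future use) and the last (broadcast)."""
    return list(ipaddress.ip_network(cidr))[4:-1]


def ref_name(value):
    """Logical name inside a {"Ref": ...} intrinsic, or None for anything else."""
    return value["Ref"] if isinstance(value, dict) and list(value) == ["Ref"] else None


def check_security_group(name, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        if str(rule.get("IpProtocol")) != "tcp" or ports != (NFS_PORT, NFS_PORT):
            findings.append(f"{name}: ingress rule is not limited to TCP {NFS_PORT}: {rule}")
        if "CidrIp" in rule or "CidrIpv6" in rule:
            findings.append(f"{name}: CIDR-based NFS ingress; use SourceSecurityGroupId instead")
        elif "SourceSecurityGroupId" not in rule:
            findings.append(f"{name}: ingress rule has no source restriction")
    return findings


def check_file_system(name, props):
    findings = []
    if props.get("Encrypted") is not True:
        findings.append(f"{name}: Encrypted must be true (cannot be turned on after creation)")
    if props.get("BackupPolicy", {}).get("Status") != "ENABLED":
        findings.append(f"{name}: automatic backups are not enabled")
    return findings


def check_mount_target(name, props, resources, subnet_cidrs):
    findings = []
    template_sgs = {n for n, r in resources.items() if r["Type"] == "AWS::EC2::SecurityGroup"}
    if not any(ref_name(sg) in template_sgs for sg in props.get("SecurityGroups", [])):
        findings.append(f"{name}: not attached to a security group defined in this template")
    ip, subnet = props.get("IpAddress"), ref_name(props.get("SubnetId"))
    if ip is not None:  # an omitted IpAddress is fine: EFS picks a free address itself
        cidr = subnet_cidrs.get(subnet)
        if cidr is None:
            findings.append(f"{name}: CIDR of subnet parameter {subnet} is unknown")
        elif ipaddress.ip_address(ip) not in usable_host_ips(cidr):
            findings.append(f"{name}: IpAddress {ip} is reserved or outside {cidr}")
    return findings


def lint_template(template, subnet_cidrs):
    """Run the checks over every resource; an empty list means no findings."""
    resources = template["Resources"]
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::SecurityGroup":
            findings += check_security_group(name, props)
        elif res["Type"] == "AWS::EFS::FileSystem":
            findings += check_file_system(name, props)
        elif res["Type"] == "AWS::EFS::MountTarget":
            findings += check_mount_target(name, props, resources, subnet_cidrs)
    return findings


def lint_article_template():
    return lint_template(json.loads(TEMPLATE_JSON), SUBNET_CIDRS)


if __name__ == "__main__":
    for finding in lint_article_template() or ["no findings"]:
        print(finding)
```

Run it before deploying; the only finding for the constructed template is MountTarget1's reserved address. The same checks apply unchanged to a YAML template once it is loaded with a parser that understands the !Ref short form.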

Create the EFS Manually on EFS Console

On the EFS console, select file systems. Then click create file system.

Create File System

Next, on the create file system screen click customize.

Customize your EFS configurations

Then, input your file system settings as per your specific requirements.

Enter Your File System Settings

Now, the user should input the network access settings for the file system. This includes the VPC, the subnets for the mount targets, and the security groups. When done click next.

Network Access Settings

Next, the user can set a file system policy. This step is optional, but worth doing: the policy can enforce in-transit encryption (deny clients that do not use TLS), prevent root access by default, and restrict which principals may mount. Without a policy, any client that the security group lets reach a mount target can mount the file system. When done click next.

Set EFS Policy

Finally, the user can review the settings and click create if satisfied with everything. Your file system will now be created.
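To make the policy step concrete, here is an added example in Python (not from the article and not code generated by AWS). build_policy() returns a file system policy that allows mounting and writing only through a mount target and denies every action to clients that do not use TLS, which is the effect of the console's "Enforce in-transit encryption for all clients" option; the exact statements the console generates are an assumption, while the condition keys aws:SecureTransport and elasticfilesystem:AccessedViaMountTarget are real EFS condition keys. evaluate() is a deliberately simplified model of resource-policy evaluation (an applicable explicit Deny beats Allow, no match means implicit deny), not the AWS engine, and the account and file system IDs are made up.

```python
import json

# Constructed identifiers: this is not a real account or file system.
FILE_SYSTEM_ARN = (
    "arn:aws:elasticfilesystem:eu-west-1:123456789012:file-system/fs-0123456789abcdef0"
)


def build_policy(file_system_arn):
    """File system policy: clients may mount and write only via a mount target, and
    any client not using TLS (aws:SecureTransport = false) is denied everything.
    elasticfilesystem:ClientRootAccess is never allowed, so it is implicitly denied."""
    return {
        "Version": "2012-10-17",
        "Id": "efs-policy-enforce-tls",
        "Statement": [
            {
                "Sid": "AllowMountAndWriteViaMountTarget",
                "Effect": "Allow",
                "Principal": {"AWS": "*"},
                "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
                "Resource": file_system_arn,
                "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
            },
            {
                "Sid": "DenyUnencryptedTransport",
                "Effect": "Deny",
                "Principal": {"AWS": "*"},
                "Action": "*",
                "Resource": file_system_arn,
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _action_matches(stmt_actions, action):
    """IAM-style action matching: exact name, a trailing-* prefix wildcard, or '*'."""
    if isinstance(stmt_actions, str):
        stmt_actions = [stmt_actions]
    for pattern in stmt_actions:
        if pattern == action or pattern == "*":
            return True
        if pattern.endswith("*") and action.startswith(pattern[:-1]):
            return True
    return False


def _conditions_match(condition, context):
    """Only the Bool operator is modelled (assumption: enough for this policy).
    A key missing from the request context never matches."""
    for key, expected in condition.get("Bool", {}).items():
        if key not in context or str(context[key]).lower() != expected.lower():
            return False
    return True


def evaluate(policy, action, resource, context):
    """Simplified resource-policy evaluation: an applicable explicit Deny wins at once,
    otherwise an applicable Allow permits, otherwise the request is implicitly denied.
    Returns (decision, Sid of the deciding statement or 'implicit')."""
    allow_sid = None
    for stmt in policy["Statement"]:
        if stmt["Resource"] != resource or not _action_matches(stmt["Action"], action):
            continue
        if not _conditions_match(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return ("Deny", stmt["Sid"])
        allow_sid = stmt["Sid"]
    return ("Allow", allow_sid) if allow_sid else ("Deny", "implicit")


def mount_decisions(policy=None):
    """Evaluate three representative client requests; returns {label: decision}."""
    policy = policy or build_policy(FILE_SYSTEM_ARN)
    via_mt = {"elasticfilesystem:AccessedViaMountTarget": True}
    requests = {
        "tls mount": ("elasticfilesystem:ClientMount", {**via_mt, "aws:SecureTransport": True}),
        "plain nfs mount": ("elasticfilesystem:ClientMount", {**via_mt, "aws:SecureTransport": False}),
        "tls root access": ("elasticfilesystem:ClientRootAccess", {**via_mt, "aws:SecureTransport": True}),
    }
    return {label: evaluate(policy, action, FILE_SYSTEM_ARN, ctx)
            for label, (action, ctx) in requests.items()}


if __name__ == "__main__":
    print(json.dumps(build_policy(FILE_SYSTEM_ARN), indent=2))
    for label, decision in mount_decisions().items():
        print(f"{label:16s} -> {decision}")
```

Paste the printed policy into the console's policy editor, or set it as the FileSystemPolicy property of the AWS::EFS::FileSystem resource in the template. Once the deny statement is in place, plain NFS mounts are refused; clients must mount with the EFS mount helper's tls option (mount -t efs -o tls ...), which tunnels NFS over TLS.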

Watch out for my next article where I explain how to Mount the EFS to your Linux instances.

Happy Building!!!
