geekcell/terraform-aws-efs

Geek Cell GmbH

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| access_points | List of access points to create. | map(object({ posix_user = optional(object({ gid = number, uid = number, secondary_gids = optional(list(number)) })), root_directory = optional(object({ path = string, creation_info = optional(object({ owner_gid = number, owner_uid = number, permissions = string })) })) })) | {} | no |
| aws_iam_principals | AWS IAM principals which will be allowed to access the file system via the EFS policy. | list(string) | ["*"] | no |
| bypass_policy_lockout_safety_check | A flag to indicate whether to bypass the aws_efs_file_system_policy lockout safety check. | bool | false | no |
| enable_customer_managed_kms | If enabled, will create a customer managed KMS key for at-rest encryption. | bool | false | no |
| enable_enhanced_backups | Enable enhanced backups. | bool | false | no |
| encrypted | If true, the disk will be encrypted. | bool | true | no |
| enforce_read_only_default | Enforce read-only access to the file system. Identity-based policies can override these default permissions. | bool | false | no |
| enforce_transit_encryption | Enforce in-transit encryption for all clients. | bool | true | no |
| kms_key_id | The ARN of the AWS KMS key used to encrypt the file system. Defaults to the AWS managed KMS key. | string | null | no |
| name | The name of the file system. | string | n/a | yes |
| performance_mode | The file system performance mode. Can be either generalPurpose or maxIO. | string | "generalPurpose" | no |
| prevent_anonymous_access | Prevent anonymous access to the file system. | bool | false | no |
| prevent_root_access_default | Prevent root access to the file system. Identity-based policies can override these default permissions. | bool | false | no |
| private_subnets | A list of private subnets inside the VPC. | list(string) | n/a | yes |
| provisioned_throughput_in_mibps | The throughput, measured in MiB/s, that you want to provision for the file system. | number | 0 | no |
| security_groups | A list of security group IDs to associate with the file system. | list(string) | n/a | yes |
| tags | A mapping of tags to assign to all resources. | map(string) | {} | no |
| throughput_mode | Throughput mode for the file system. Valid values: bursting, provisioned, or elastic. | string | "elastic" | no |
| transition_to_archive | Indicates how long it takes to transition files to the archive storage class. Accepted values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS. | string | "AFTER_90_DAYS" | no |
| transition_to_ia | Indicates how long it takes to transition files to the IA storage class. Accepted values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS. | string | "AFTER_30_DAYS" | no |
| transition_to_primary_storage_class | Describes the policy used to transition a file from infrequent access storage to primary storage. Only AFTER_1_ACCESS is accepted. | string | "AFTER_1_ACCESS" | no |

Outputs

| Name | Description |
| --- | --- |
| access_point_arns | ARNs of created access points. |
| access_point_ids | IDs of created access points. |
| arn | ARN of filesystem. |
| dns_name | DNS address of filesystem. |
| id | ID of filesystem. |
| kms_key_id | ID of the KMS key used to encrypt the EFS. |
| number_of_mount_targets | Number of mount targets of the EFS file system. |
| size_in_bytes | Size of the EFS file system. |

Providers

| Name | Version |
| --- | --- |
| aws | >= 5.35 |
| random | >= 3.4 |

Resources

  • resource.aws_efs_access_point.main (main.tf#48)
  • resource.aws_efs_file_system.main (main.tf#3)
  • resource.aws_efs_file_system_policy.main (main.tf#41)
  • resource.aws_efs_mount_target.main (main.tf#32)
  • resource.random_uuid.main (main.tf#1)
  • data source.aws_iam_policy_document.main (data.tf#1)

Examples

Basic Example

module "basic-example" {
  source = "../../"

  name = var.storage_name

  private_subnets = var.private_subnets
  security_groups = var.security_groups
}

With Enhanced Backups

module "with-enhanced-backups" {
  source = "../../"

  name            = "efs1"
  private_subnets = ["subnet-12345678", "subnet-12345678"]
  security_groups = ["sg-12345678"]

  enable_enhanced_backups = true
}
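
Hardened Example (added)

A hardened invocation using only the inputs documented in the Inputs table, added here as an example and not taken from the module's repository: it replaces the wildcard aws_iam_principals default, turns on the access restrictions that default to false, and scopes clients to one access point. The account ID, role name, subnet and security group IDs, UID/GID values, path and permissions are constructed placeholders.

```hcl
# Added example, not one of the module's own examples.
# All ARNs, IDs, UIDs/GIDs and paths below are constructed placeholders.
module "hardened-example" {
  source = "../../"

  name            = "efs-app-data"
  private_subnets = ["subnet-12345678", "subnet-87654321"]
  security_groups = ["sg-12345678"]

  # Default is ["*"]; name the roles that may use the file system instead.
  aws_iam_principals = [
    "arn:aws:iam::111122223333:role/app-task-role",
  ]

  # Both default to false.
  prevent_anonymous_access    = true
  prevent_root_access_default = true

  # Both default to true; pinned so a later change shows up in review.
  encrypted                  = true
  enforce_transit_encryption = true

  # Customer managed KMS key instead of the AWS managed key.
  enable_customer_managed_kms = true

  # Keep the policy lockout safety check in place (default false).
  bypass_policy_lockout_safety_check = false

  # One access point that pins the POSIX identity and the root directory.
  access_points = {
    app = {
      posix_user = {
        gid = 1000
        uid = 1000
      }
      root_directory = {
        path = "/app"
        creation_info = {
          owner_gid   = 1000
          owner_uid   = 1000
          permissions = "0750"
        }
      }
    }
  }
}

output "app_access_point_ids" {
  value = module.hardened-example.access_point_ids
}
```

As the Inputs table notes for prevent_root_access_default, identity-based policies can override that default, so the IAM policies attached to the listed roles need the same review as this module call.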