How to create an AWS EFS file system using CloudFormation


EFS is short for Elastic File System. It is a managed network file system (NFS) that can be mounted on multiple Linux EC2 instances to allow file sharing between instances. EFS spans multiple Availability Zones, so it can be mounted on instances in different Availability Zones. This guide shows you how to create an EFS file system on AWS using CloudFormation templates.

The benefits of using EFS include:

  • Although more expensive than Elastic Block Store (EBS) volumes, you only pay for what you use.
  • It can be easily expanded to petabytes of data.
  • Provides encryption options, so it is very secure.
  • It has high availability and durability.

Use cases for EFS include:

  • Web applications.
  • Content management.
  • Data analysis.
  • Container storage.

Figure: How EFS works. Source: https://aws.amazon.com/efs/

Step 1: Check the prerequisites/requirements

Before continuing to create an EFS file system, users need to meet the following conditions:

  • An AWS account.
  • A user authorized to create resources on the AWS account.
  • An IDE such as Visual Studio Code to write and edit CloudFormation templates.
  • A VPC with a subnet and an Internet connection.
  • An EC2 security group. The EC2 instances will use it to connect to EFS for mounting.

Step 2: Create EFS file system

The EFS file system can be created manually or using CloudFormation templates.

Create EFS using CloudFormation template

To use CloudFormation, start from the following template, which creates an EFS file system and its mount targets.

AWSTemplateFormatVersion: "2010-09-09"
Description: "Create EFS system and Mount Targets for test VPC"

Parameters:
    VPC:
        Type: String
        Description: The VPC identity
        Default: vpc-ID

    SubnetID1:
        Type: String
        Description: The subnet where to launch the service
        Default: subnet-ID

    SubnetID2:
        Type: String
        Description: the subnet where to Launch the service
        Default: subnet-ID

    SubnetID3:
        Type: String
        Description: The subnet where to launch the service
        Default: subnet-ID

    SubnetID4:
        Type: String
        Description: the subnet where to Launch the service
        Default: subnet-ID
    
Resources:
    EFSSecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
            GroupDescription: "security group for the prod EFS"
            GroupName: "test-EFS-SG"
            VpcId: !Ref VPC
            SecurityGroupIngress: 
              - 
                SourceSecurityGroupId: sg-ID
                Description: "servers to connect to efs"
                FromPort: 2049
                IpProtocol: "tcp"
                ToPort: 2049
            Tags:
              - 
                Key: Environment
                Value: prod
              - 
                Key: Name
                Value: test-VPC-EFS-SG
              - 
                Key: Project
                Value: test-blog
              - 
                Key: createdBy
                Value: Maureen Barasa

    EFSFileSystem:
        Type: AWS::EFS::FileSystem
        Properties:
            BackupPolicy:
              Status: ENABLED
            Encrypted: true
            LifecyclePolicies:
              - TransitionToIA: AFTER_60_DAYS
            PerformanceMode: generalPurpose
            ThroughputMode: bursting
            FileSystemTags: 
              - 
                Key: Environment
                Value: test
              - 
                Key: Name
                Value: test-VPC-EFS
              - 
                Key: Project
                Value: test-blog
              - 
                Key: createdBy
                Value: Maureen Barasa

    MountTarget1:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            IpAddress: "*.*.*.*"  # placeholder: replace with an unused IP in SubnetID1
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID1

    MountTarget2:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            IpAddress: "*.*.*.*"  # placeholder: replace with an unused IP in SubnetID2
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID2

    MountTarget3:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            IpAddress: "*.*.*.*"  # placeholder: replace with an unused IP in SubnetID3
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID3

    MountTarget4:
        Type: AWS::EFS::MountTarget
        Properties: 
            FileSystemId: !Ref EFSFileSystem
            IpAddress: "*.*.*.*"  # placeholder: replace with an unused IP in SubnetID4
            SecurityGroups: 
              - !Ref EFSSecurityGroup
            SubnetId: !Ref SubnetID4

Outputs:
  EFS:
    Description: The created EFS 
    Value: !Ref EFSFileSystem

  EFSMountTarget1:
    Description: The EFS MountTarget1
    Value: !Ref MountTarget1

  EFSMountTarget2:
    Description: The EFS MountTarget2
    Value: !Ref MountTarget2

  EFSMountTarget3:
    Description: The EFS MountTarget3
    Value: !Ref MountTarget3

  EFSMountTarget4:
    Description: The EFS MountTarget4
    Value: !Ref MountTarget4

Deploy the template with CodePipeline, or create a stack from it on the CloudFormation console.

Introduction to CloudFormation templates

The template consists of 3 parts: Parameters, Resources and Outputs.

Parameters:

In the Parameters section, we ask users to enter the dynamic variables of their template. In our case, the user should replace:

  • VPC ID (replace with your VPC ID)
  • Subnet ID (replace with your subnet ID)

Similarly, the subnets included should be the subnets where the user intends to create mount targets for EFS.

Resources:

The user defines the AWS resources to be created here. For our case, we first create the EFS security group. The user should change:

  • SourceSecurityGroupId (should reflect the security group of the EC2 instances that should access EFS).

Next, it creates the EFS file system. The user should review the file system properties and change them to meet specific requirements. For example:

  • Performance mode (general purpose or max I/O)
  • Throughput mode (bursting or provisioned)

In addition, users should review the tags and customize them as needed.

Finally, create the mount target. The user should make changes here:

  • The IP address of each mount target (it should be an unused IP in the CIDR block of the subnet).

For example, if your subnet CIDR block is 10.0.0.0/26, leave the first 5 IPs and the last IP unused. Therefore, the user can use any unassigned IP from 10.0.0.7 to 10.0.0.62.

Outputs:

The Outputs section of the template tells CloudFormation to output the names of the resources it created. In this example, we have instructed the template to output:

  • The name/ID of the EFS created.
  • The name/ID of the created mount target.

Manually create EFS on the EFS console

On the EFS console, select the file system. Then click Create File System.

Figure: Create a file system

Next, on the Create File System screen, click Customize.

Figure: Customize your EFS configuration

Then, enter the file system settings according to your specific requirements.

Figure: Enter file system settings

Now, the user should enter the network access settings for the file system. This includes the VPC, the subnets for the mount targets, and the security group. When finished, click Next.

Figure: Network access settings

After that, users should set policies for their EFS. This part is optional. When finished, click Next.

Figure: Set EFS policy

Finally, the user can view the settings and click Create if they are satisfied with everything. Your file system will now be created.
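
The optional file system policy from the console steps can also be declared in the CloudFormation template. The following is an added example, not part of the original template: it enforces TLS for every client and takes the client security group as a typed parameter instead of a hard-coded sg-ID. The parameter name ClientSecurityGroup and the Sid values are assumptions, and the mount targets stay as in the template above.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: EFS with in-transit encryption enforced by a file system policy"

Parameters:
    VPC:
        Type: AWS::EC2::VPC::Id            # typed, so the ID is validated at deploy time
        Description: The VPC identity
    ClientSecurityGroup:                   # hypothetical name; replaces the hard-coded sg-ID
        Type: AWS::EC2::SecurityGroup::Id
        Description: Security group of the EC2 instances that mount the file system

Resources:
    EFSSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
            GroupDescription: "NFS access to EFS from the client security group only"
            VpcId: !Ref VPC
            SecurityGroupIngress:
              - SourceSecurityGroupId: !Ref ClientSecurityGroup   # no CIDR ranges
                IpProtocol: tcp
                FromPort: 2049
                ToPort: 2049

    EFSFileSystem:
        Type: AWS::EFS::FileSystem
        Properties:
            Encrypted: true                # encryption at rest
            FileSystemPolicy:
                Version: "2012-10-17"
                Statement:
                  - Sid: AllowViaMountTarget
                    Effect: Allow
                    Principal:
                        AWS: "*"
                    Action:
                      - elasticfilesystem:ClientMount
                      - elasticfilesystem:ClientWrite
                      - elasticfilesystem:ClientRootAccess   # drop this to deny root access from clients
                    Condition:
                        Bool:
                            "elasticfilesystem:AccessedViaMountTarget": "true"
                  - Sid: DenyUnencryptedTransport
                    Effect: Deny           # rejects any connection that does not use TLS
                    Principal:
                        AWS: "*"
                    Action: "*"
                    Condition:
                        Bool:
                            "aws:SecureTransport": "false"
```

With this policy in place, clients have to mount with TLS (for example the EFS mount helper's tls option); plain NFS mounts are denied.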

Look out for my next article, where I explain how to mount EFS to your Linux instance.

Happy Building!!!
