file_systems
Creates, updates, deletes or gets a file_system resource or lists file_systems in a region
Overview
| Name | file_systems |
| Type | Resource |
| Description | The AWS::EFS::FileSystem resource creates a new, empty file system in EFSlong (EFS). You must create a mount target ([AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html)) to mount your EFS file system on an EC2 or other AWS cloud compute resource. |
| Id | aws.efs.file_systems |
Fields
| Name | Datatype | Description |
|---|---|---|
file_system_id | string | |
arn | string | |
encrypted | boolean | A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing kms-key-long. If you don't specify a kms-key, then the default kms-key for EFS, /aws/elasticfilesystem, is used to protect the encrypted file system. |
file_system_tags | array | Use to create one or more tags associated with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a "Key":"Name","Value":"{value}" key-value pair. Each key must be unique. For more information, see [Tagging resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *General Reference Guide*. |
kms_key_id | string | The ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats: + Key ID - A unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab.+ ARN - An Amazon Resource Name (ARN) for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.+ Key alias - A previously created display name for a key, for example alias/projectKey1.+ Key alias ARN - An ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1.If KmsKeyId is specified, the Encrypted parameter must be set to true. |
lifecycle_policies | array | An array of LifecyclePolicy objects that define the file system's LifecycleConfiguration object. A LifecycleConfiguration object informs Lifecycle management of the following:+ When to move files in the file system from primary storage to IA storage. + When to move files in the file system from primary storage or IA storage to Archive storage. + When to move files that are in IA or Archive storage to primary storage. EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies needs to be structured as an array of LifecyclePolicy objects, one object for each transition, TransitionToIA, TransitionToArchive TransitionToPrimaryStorageClass. See the example requests in the following section for more information. |
file_system_protection | object | Describes the protection on the file system. |
performance_mode | string | The Performance mode of the file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The maxIO mode is not supported on One Zone file systems.Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems. Default is generalPurpose. |
provisioned_throughput_in_mibps | number | The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact SUP. For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide*. |
throughput_mode | string | Specifies the throughput mode for the file system. The mode can be bursting, provisioned, or elastic. If you set ThroughputMode to provisioned, you must also set a value for ProvisionedThroughputInMibps. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*. Default is bursting. |
file_system_policy | object | The FileSystemPolicy for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide*. |
bypass_policy_lockout_safety_check | boolean | (Optional) A boolean that specifies whether or not to bypass the FileSystemPolicy lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future PutFileSystemPolicy requests on this file system. Set BypassPolicyLockoutSafetyCheck to True only when you intend to prevent the IAM principal that is making the request from making subsequent PutFileSystemPolicy requests on this file system. The default value is False. |
backup_policy | object | Use the BackupPolicy to turn automatic backups on or off for the file system. |
availability_zone_name | string | For One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format us-east-1a to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*.One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available. |
replication_configuration | object | Describes the replication configuration for a specific file system. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all file_systems in a region.
SELECT
region,
file_system_id,
arn,
encrypted,
file_system_tags,
kms_key_id,
lifecycle_policies,
file_system_protection,
performance_mode,
provisioned_throughput_in_mibps,
throughput_mode,
file_system_policy,
bypass_policy_lockout_safety_check,
backup_policy,
availability_zone_name,
replication_configuration
FROM aws.efs.file_systems
WHERE region = 'us-east-1';
Gets all properties from an individual file_system.
SELECT
region,
file_system_id,
arn,
encrypted,
file_system_tags,
kms_key_id,
lifecycle_policies,
file_system_protection,
performance_mode,
provisioned_throughput_in_mibps,
throughput_mode,
file_system_policy,
bypass_policy_lockout_safety_check,
backup_policy,
availability_zone_name,
replication_configuration
FROM aws.efs.file_systems
WHERE region = 'us-east-1' AND data__Identifier = '<FileSystemId>';
INSERT example
Use the following StackQL query and manifest file to create a new file_system resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ Encrypted }}',
'{{ FileSystemTags }}',
'{{ KmsKeyId }}',
'{{ LifecyclePolicies }}',
'{{ FileSystemProtection }}',
'{{ PerformanceMode }}',
'{{ ProvisionedThroughputInMibps }}',
'{{ ThroughputMode }}',
'{{ FileSystemPolicy }}',
'{{ BypassPolicyLockoutSafetyCheck }}',
'{{ BackupPolicy }}',
'{{ AvailabilityZoneName }}',
'{{ ReplicationConfiguration }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.efs.file_systems (
Encrypted,
FileSystemTags,
KmsKeyId,
LifecyclePolicies,
FileSystemProtection,
PerformanceMode,
ProvisionedThroughputInMibps,
ThroughputMode,
FileSystemPolicy,
BypassPolicyLockoutSafetyCheck,
BackupPolicy,
AvailabilityZoneName,
ReplicationConfiguration,
region
)
SELECT
'{{ Encrypted }}',
'{{ FileSystemTags }}',
'{{ KmsKeyId }}',
'{{ LifecyclePolicies }}',
'{{ FileSystemProtection }}',
'{{ PerformanceMode }}',
'{{ ProvisionedThroughputInMibps }}',
'{{ ThroughputMode }}',
'{{ FileSystemPolicy }}',
'{{ BypassPolicyLockoutSafetyCheck }}',
'{{ BackupPolicy }}',
'{{ AvailabilityZoneName }}',
'{{ ReplicationConfiguration }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: file_system
props:
- name: Encrypted
value: '{{ Encrypted }}'
- name: FileSystemTags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: KmsKeyId
value: '{{ KmsKeyId }}'
- name: LifecyclePolicies
value:
- TransitionToIA: '{{ TransitionToIA }}'
TransitionToPrimaryStorageClass: '{{ TransitionToPrimaryStorageClass }}'
TransitionToArchive: '{{ TransitionToArchive }}'
- name: FileSystemProtection
value:
ReplicationOverwriteProtection: '{{ ReplicationOverwriteProtection }}'
- name: PerformanceMode
value: '{{ PerformanceMode }}'
- name: ProvisionedThroughputInMibps
value: null
- name: ThroughputMode
value: '{{ ThroughputMode }}'
- name: FileSystemPolicy
value: {}
- name: BypassPolicyLockoutSafetyCheck
value: '{{ BypassPolicyLockoutSafetyCheck }}'
- name: BackupPolicy
value:
Status: '{{ Status }}'
- name: AvailabilityZoneName
value: '{{ AvailabilityZoneName }}'
- name: ReplicationConfiguration
value:
Destinations:
- FileSystemId: '{{ FileSystemId }}'
Region: '{{ Region }}'
AvailabilityZoneName: '{{ AvailabilityZoneName }}'
KmsKeyId: '{{ KmsKeyId }}'
DELETE example
/*+ delete */
DELETE FROM aws.efs.file_systems
WHERE data__Identifier = '<FileSystemId>'
AND region = 'us-east-1';
Permissions
To operate on the file_systems resource, the following permissions are required:
Create
elasticfilesystem:CreateFileSystem,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:TagResource,
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant
Read
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
Update
elasticfilesystem:CreateReplicationConfiguration,
elasticfilesystem:DeleteFileSystemPolicy,
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations,
elasticfilesystem:DeleteTags,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:ListTagsForResource,
elasticfilesystem:PutBackupPolicy,
elasticfilesystem:PutFileSystemPolicy,
elasticfilesystem:PutLifecycleConfiguration,
elasticfilesystem:TagResource,
elasticfilesystem:UntagResource,
elasticfilesystem:UpdateFileSystem,
elasticfilesystem:UpdateFileSystemProtection,
kms:DescribeKey,
kms:GenerateDataKeyWithoutPlaintext,
kms:CreateGrant
Delete
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DeleteFileSystem,
elasticfilesystem:DeleteReplicationConfiguration,
elasticfilesystem:DescribeReplicationConfigurations
List
elasticfilesystem:DescribeBackupPolicy,
elasticfilesystem:DescribeFileSystemPolicy,
elasticfilesystem:DescribeFileSystems,
elasticfilesystem:DescribeLifecycleConfiguration,
elasticfilesystem:DescribeReplicationConfigurations