Terraform module with create EFS resouces on AWS.
- Mount Target and Access Point Support.
- Can enabled KMS Encryption.
- Backup Enable/Disable.
- Additonal Cluster Ingress Rule for EKS support.
- Client Security Group for attach AWS resources (Allow to access EFS).
module "efs_storage" {
source = "git::ssh://git@github.com/<repository>/terraform-aws-efs.git?ref=v1.0.0"
# Generics
prefix = "customer"
environment = "dev"
name = "demo"
vpc_id = var.vpc_id
subnets = var.database_subnet_ids
associated_security_group_ids = ["sg-0049e34f3dbd35286"]
enabled_backup = true
efs_backup_policy_enabled = true
access_points = {
"data" = {
posix_user = {
gid = "1001"
uid = "5000"
secondary_gids = "1002,1003"
}
creation_info = {
gid = "1001"
uid = "5000"
permissions = "0755"
}
}
}
additional_cluster_security_group_ingress_rules = [{
from_port = 2049
to_port = 2049
protocol = "tcp"
cidr_blocks = ["10.105.0.0/16"]
description = "test"
}]
tags = {
"Workspace" = "custom-workspace"
}
}| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 4.00 |
| Name | Version |
|---|---|
| aws | >= 4.00 |
No modules.
| Name | Type |
|---|---|
| aws_efs_access_point.default | resource |
| aws_efs_backup_policy.policy | resource |
| aws_efs_file_system.default | resource |
| aws_efs_file_system_policy.policy | resource |
| aws_efs_mount_target.default | resource |
| aws_security_group.client | resource |
| aws_security_group.efs | resource |
| aws_security_group_rule.additional_cluster_ingress | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.ingress | resource |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.efs_resource_based_policy | data source |
| aws_iam_policy_document.this | data source |
| aws_region.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_points | A map of the access points you would like in your EFS volume See [examples/complete] for an example on how to set this up. All keys are strings. The primary keys are the names of access points. The secondary keys are posix_user and creation_info.The secondary_gids key should be a comma separated value. More information can be found in the terraform resource efs_access_point. |
map(map(map(any))) |
{} |
no |
| additional_cluster_security_group_ingress_rules | Additional ingress rule for cluster security group. | list(any) |
[] |
no |
| additional_efs_resource_policies | Additional IAM policies block, input as data source. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document | list(string) |
[] |
no |
| availability_zone_name | AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. If set, a single subnet in the same availability zone should be provided to subnets |
string |
null |
no |
| bypass_policy_lockout_safety_check | A flag to indicate whether to bypass the aws_efs_file_system_policy lockout safety check. The policy lockout safety check determines whether the policy in the request will prevent the principal making the request will be locked out from making future PutFileSystemPolicy requests on the file system. Set bypass_policy_lockout_safety_check to true only when you intend to prevent the principal that is making the request from making a subsequent PutFileSystemPolicy request on the file system. The default value is false. | bool |
false |
no |
| efs_backup_policy_enabled | If true, it will turn on automatic backups. |
bool |
false |
no |
| enabled_backup | Enable Backup EFS | bool |
false |
no |
| encrypted | If true, the file system will be encrypted | bool |
true |
no |
| environment | Environment Variable used as a prefix | string |
n/a | yes |
| is_created_efs | Is create EFS | bool |
true |
no |
| kms_key_id | If set, use a specific KMS key | string |
null |
no |
| mount_target_ip_address | The address (within the address range of the specified subnet) at which the file system may be mounted via the mount target | string |
null |
no |
| name | Name of the EFS cluster to create | string |
n/a | yes |
| performance_mode | The file system performance mode. Can be either generalPurpose or maxIO |
string |
"generalPurpose" |
no |
| prefix | The prefix name of customer to be displayed in AWS console and resource | string |
n/a | yes |
| provisioned_throughput_in_mibps | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput_mode set to provisioned |
number |
0 |
no |
| subnets | Subnet IDs | list(string) |
n/a | yes |
| tags | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | map(any) |
{} |
no |
| throughput_mode | Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned. When using provisioned, also set provisioned_throughput_in_mibps |
string |
"bursting" |
no |
| transition_to_ia | Indicates how long it takes to transition files to the Infrequent Access (IA) storage class. Valid values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS and AFTER_90_DAYS. Default (no value) means "never". | list(string) |
[] |
no |
| transition_to_primary_storage_class | Describes the policy used to transition a file from Infrequent Access (IA) storage to primary storage. Valid values: AFTER_1_ACCESS. | list(string) |
[] |
no |
| vpc_id | VPC ID | string |
n/a | yes |
| Name | Description |
|---|---|
| access_point_arns | EFS AP ARNs |
| access_point_ids | EFS AP ids |
| arn | EFS ARN |
| dns_name | The DNS name for the filesystem |
| id | EFS ID |
| mount_target_dns_names | List of EFS mount target DNS names |
| mount_target_ids | List of EFS mount target IDs (one per Availability Zone) |
| mount_target_ips | List of EFS mount target IPs (one per Availability Zone) |
| network_interface_ids | List of mount target network interface IDs |
| security_group_client_id | EFS Security Group Client ID |
| security_group_id | EFS Security GroupID |