oozou/terraform-aws-efs

terraform-aws-efs

Terraform module to create EFS resources on AWS.

  • Mount target and access point support.
  • KMS encryption can be enabled.
  • Backups can be enabled or disabled.
  • Additional cluster ingress rules for EKS support.
  • Client security group to attach to AWS resources that need access to the EFS file system.

Usage

```hcl
module "efs_storage" {
  source = "git::ssh://git@github.com/<repository>/terraform-aws-efs.git?ref=v1.0.0"

  # Generics
  prefix      = "customer"
  environment = "dev"
  name        = "demo"

  vpc_id  = var.vpc_id
  subnets = var.database_subnet_ids

  associated_security_group_ids = ["sg-0049e34f3dbd35286"]

  enabled_backup            = true
  efs_backup_policy_enabled = true

  access_points = {
    "data" = {
      posix_user = {
        gid            = "1001"
        uid            = "5000"
        secondary_gids = "1002,1003"
      }
      creation_info = {
        gid         = "1001"
        uid         = "5000"
        permissions = "0755"
      }
    }
  }

  additional_cluster_security_group_ingress_rules = [{
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = ["10.105.0.0/16"]
    description = "test"
  }]

  tags = {
    "Workspace" = "custom-workspace"
  }
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 4.00 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.00 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_efs_access_point.default | resource |
| aws_efs_backup_policy.policy | resource |
| aws_efs_file_system.default | resource |
| aws_efs_file_system_policy.policy | resource |
| aws_efs_mount_target.default | resource |
| aws_security_group.client | resource |
| aws_security_group.efs | resource |
| aws_security_group_rule.additional_cluster_ingress | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.ingress | resource |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.efs_resource_based_policy | data source |
| aws_iam_policy_document.this | data source |
| aws_region.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_points | A map of the access points you would like in your EFS volume. See [examples/complete] for an example of how to set this up. All keys are strings. The primary keys are the names of the access points. The secondary keys are posix_user and creation_info. The secondary_gids key should be a comma-separated value. More information can be found in the Terraform resource efs_access_point. | map(map(map(any))) | {} | no |
| additional_cluster_security_group_ingress_rules | Additional ingress rules for the cluster security group. | list(any) | [] | no |
| additional_efs_resource_policies | Additional IAM policy documents for the EFS resource-based policy, passed as the JSON output of an aws_iam_policy_document data source. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document | list(string) | [] | no |
| availability_zone_name | AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. If set, a single subnet in the same Availability Zone should be provided to subnets. | string | null | no |
| bypass_policy_lockout_safety_check | A flag indicating whether to bypass the aws_efs_file_system_policy lockout safety check. The safety check determines whether the policy in the request would lock the principal making the request out of future PutFileSystemPolicy requests on the file system. Set bypass_policy_lockout_safety_check to true only when you intend to prevent the principal making the request from making a subsequent PutFileSystemPolicy request on the file system. The default value is false. | bool | false | no |
| efs_backup_policy_enabled | If true, automatic backups are turned on. | bool | false | no |
| enabled_backup | Enable EFS backup. | bool | false | no |
| encrypted | If true, the file system will be encrypted. | bool | true | no |
| environment | Environment name used as a prefix. | string | n/a | yes |
| is_created_efs | Whether to create the EFS file system. | bool | true | no |
| kms_key_id | If set, use a specific KMS key. | string | null | no |
| mount_target_ip_address | The address (within the address range of the specified subnet) at which the file system may be mounted via the mount target. | string | null | no |
| name | Name of the EFS cluster to create. | string | n/a | yes |
| performance_mode | The file system performance mode. Can be either generalPurpose or maxIO. | string | "generalPurpose" | no |
| prefix | The customer prefix displayed in the AWS console and in resource names. | string | n/a | yes |
| provisioned_throughput_in_mibps | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput_mode set to provisioned. | number | 0 | no |
| subnets | Subnet IDs. | list(string) | n/a | yes |
| tags | Custom tags which can be passed on to the AWS resources. They should be key/value pairs with distinct keys. | map(any) | {} | no |
| throughput_mode | Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned. When using provisioned, also set provisioned_throughput_in_mibps. | string | "bursting" | no |
| transition_to_ia | Indicates how long it takes to transition files to the Infrequent Access (IA) storage class. Valid values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS and AFTER_90_DAYS. Default (no value) means "never". | list(string) | [] | no |
| transition_to_primary_storage_class | Describes the policy used to transition a file from Infrequent Access (IA) storage to primary storage. Valid values: AFTER_1_ACCESS. | list(string) | [] | no |
| vpc_id | VPC ID. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| access_point_arns | EFS access point ARNs |
| access_point_ids | EFS access point IDs |
| arn | EFS ARN |
| dns_name | The DNS name for the file system |
| id | EFS ID |
| mount_target_dns_names | List of EFS mount target DNS names |
| mount_target_ids | List of EFS mount target IDs (one per Availability Zone) |
| mount_target_ips | List of EFS mount target IPs (one per Availability Zone) |
| network_interface_ids | List of mount target network interface IDs |
| security_group_client_id | EFS client security group ID |
| security_group_id | EFS security group ID |
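The tables above describe the encryption, resource-policy and security-group inputs and outputs separately. The following configuration is an added example, not code from the module's README, showing how they fit together in a hardened deployment: a customer-managed KMS key for encryption at rest, an EFS resource policy that denies any client not using TLS, and an instance that reaches the file system only through the module's client security group. It assumes the module merges `additional_efs_resource_policies` into its own `aws_iam_policy_document`, and the `var.app_ami_id`, `var.vpc_id` and `var.database_subnet_ids` variables are placeholders for your own values.

```hcl
# Added example for oozou/terraform-aws-efs; not part of the module itself.
# Assumptions: var.vpc_id, var.database_subnet_ids and var.app_ami_id are
# defined elsewhere, and the module merges the JSON policy documents passed
# in additional_efs_resource_policies into its resource-based policy.

# Customer-managed key for at-rest encryption, with automatic annual rotation.
resource "aws_kms_key" "efs" {
  description         = "EFS at-rest encryption key"
  enable_key_rotation = true
}

# Resource-based policy that denies every EFS action for clients that did not
# connect over TLS. The file system ARN does not exist until the module creates
# it, so the statement uses a wildcard resource (assumption: the module's own
# policy document scopes the policy to the file system it creates).
data "aws_iam_policy_document" "efs_tls_only" {
  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["elasticfilesystem:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

module "efs_storage" {
  source = "git::ssh://git@github.com/<repository>/terraform-aws-efs.git?ref=v1.0.0"

  prefix      = "customer"
  environment = "dev"
  name        = "demo"

  vpc_id  = var.vpc_id
  subnets = var.database_subnet_ids

  # Encrypt at rest with the customer-managed key rather than the AWS-managed default.
  encrypted  = true
  kms_key_id = aws_kms_key.efs.arn

  # Enforce encryption in transit at the file-system policy level.
  additional_efs_resource_policies = [data.aws_iam_policy_document.efs_tls_only.json]

  enabled_backup            = true
  efs_backup_policy_enabled = true
}

# The instance is granted NFS (TCP 2049) access solely by carrying the module's
# client security group; no CIDR-based ingress rule is added, so other hosts in
# the VPC cannot reach the mount targets.
resource "aws_instance" "app" {
  ami                    = var.app_ami_id # assumption: Linux AMI with amazon-efs-utils installed
  instance_type          = "t3.micro"
  subnet_id              = var.database_subnet_ids[0]
  vpc_security_group_ids = [module.efs_storage.security_group_client_id]

  user_data = <<-EOT
    #!/bin/bash
    mkdir -p /mnt/efs
    # "-o tls" makes efs-utils tunnel NFS over TLS; a plain NFS mount would be
    # rejected by the Deny statement in the resource policy above.
    mount -t efs -o tls ${module.efs_storage.id}:/ /mnt/efs
  EOT
}
```

With this layout, a host that is not a member of `security_group_client_id` is blocked at the network layer, and a host that is a member but mounts without `-o tls` is blocked by the resource policy; `terraform plan` will show both the `aws_efs_file_system_policy.policy` and `aws_security_group.client` resources from the module's resource list being used.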