AWS::DataSync::LocationEFS - AWS CloudFormation

AWS::DataSync::LocationEFS

The AWS::DataSync::LocationEFS resource creates an endpoint for an Amazon EFS file system. AWS DataSync can access this endpoint as a source or destination location.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::DataSync::LocationEFS", "Properties" : { "AccessPointArn" : String, "Ec2Config" : Ec2Config, "EfsFilesystemArn" : String, "FileSystemAccessRoleArn" : String, "InTransitEncryption" : String, "Subdirectory" : String, "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::DataSync::LocationEFS Properties: AccessPointArn: String Ec2Config: Ec2Config EfsFilesystemArn: String FileSystemAccessRoleArn: String InTransitEncryption: String Subdirectory: String Tags: - Tag

Properties

AccessPointArn

Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.

Required: No

Type: String

Maximum: 128

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$

Update requires: Replacement

Ec2Config

Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.

Required: Yes

Type: Ec2Config

Update requires: Replacement

EfsFilesystemArn

Specifies the ARN for the Amazon EFS file system.

Required: Yes

Type: String

Maximum: 128

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$

Update requires: Replacement

FileSystemAccessRoleArn

Specifies an AWS Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.

Required: No

Type: String

Maximum: 2048

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$

Update requires: Replacement

InTransitEncryption

Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from the Amazon EFS file system.

If you specify an access point using AccessPointArn or an IAM role using FileSystemAccessRoleArn, you must set this parameter to TLS1_2.

Required: No

Type: String

Allowed values: NONE | TLS1_2

Update requires: Replacement

Subdirectory

Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location). By default, DataSync uses the root directory, but you can also include subdirectories.

Note

You must specify a value with forward slashes (for example, /path/to/folder).

Required: No

Type: String

Maximum: 4096

Pattern: ^[a-zA-Z0-9_\-\+\./\(\)\p{Zs}]*$

Update requires: Replacement

Tags

Specifies the key-value pair that represents a tag that you want to add to the resource. The value can be an empty string. This value helps you manage, filter, and search for your resources. We recommend that you create a name tag for your location.

Required: No

Type: List of Tag

Maximum: 50

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the location resource ARN. For example:

arn:aws:datasync:us-east-2:111222333444:location/loc-07db7abfc326c50s3

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

LocationArn

The Amazon Resource Name (ARN) of the Amazon EFS file system.

LocationUri

The URI of the Amazon EFS file system.

Examples

Creating an Amazon EFS location

The following example creates a DataSync location for an Amazon EFS file system.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Specifies a DataSync location for an Amazon EFS file system.", "Resources": { "LocationEFS": { "Type": "AWS::DataSync::LocationEFS", "Properties": { "Ec2Config": { "SecurityGroupArns": [ "arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2" ], "SubnetArn": "arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1" }, "EfsFilesystemArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789", "Subdirectory": "/mount/path" } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: Specifies a DataSync location for an Amazon EFS file system. Resources: LocationEFS: Type: AWS::DataSync::LocationEFS Properties: Ec2Config: SecurityGroupArns: - arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2 SubnetArn: arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1 EfsFilesystemArn: arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789 Subdirectory: /mount/path

Creating an Amazon EFS location with a higher level of security

The following example creates a DataSync location for an Amazon EFS file system that's configured for restricted access.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Specifies a DataSync location for an Amazon EFS file system configured for restricted access.", "Resources": { "LocationEFS": { "Type": "AWS::DataSync::LocationEFS", "Properties": { "AccessPointArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:access-point/fsap-1234567890abcdef0", "Ec2Config": { "SecurityGroupArns": [ "arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2" ], "SubnetArn": "arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1" }, "EfsFilesystemArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789", "FileSystemAccessRoleArn": "arn:aws:iam::111222333444:role/AllowDataSyncAccess", "InTransitEncryption": "TLS1_2" } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: Specifies a DataSync location for an Amazon EFS file system configured for restricted access. Resources: LocationEFS: Type: AWS::DataSync::LocationEFS Properties: AccessPointArn: arn:aws:elasticfilesystem:us-east-2:111222333444:access-point/fsap-1234567890abcdef0 Ec2Config: SecurityGroupArns: - arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2 SubnetArn: arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1 EfsFilesystemArn: arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789 FileSystemAccessRoleArn: arn:aws:iam::111222333444:role/AllowDataSyncAccess InTransitEncryption: TLS1_2