FileSystem

class aws_cdk.aws_efs.FileSystem(scope, id, *, vpc, allow_anonymous_access=None, enable_automatic_backups=None, encrypted=None, file_system_name=None, file_system_policy=None, kms_key=None, lifecycle_policy=None, one_zone=None, out_of_infrequent_access_policy=None, performance_mode=None, provisioned_throughput_per_second=None, removal_policy=None, replication_configuration=None, replication_overwrite_protection=None, security_group=None, throughput_mode=None, transition_to_archive_policy=None, vpc_subnets=None)

Bases: Resource

The Elastic File System implementation of IFileSystem.

It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). It also creates mount target (AWS::EFS::MountTarget) implicitly to mount the EFS file system on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html

Resource:

AWS::EFS::FileSystem

ExampleMetadata:

infused

Example:

import aws_cdk.aws_iam as iam


role = iam.Role(self, "ClientRole",
    assumed_by=iam.AnyPrincipal()
)
file_system = efs.FileSystem(self, "MyEfsFileSystem",
    vpc=ec2.Vpc(self, "VPC"),
    allow_anonymous_access=True
)

file_system.grant_read(role)

Constructor for creating a new EFS FileSystem.

Parameters:
  • scope (Construct) –

  • id (str) –

  • vpc (IVpc) – VPC to launch the file system in.

  • allow_anonymous_access (Optional[bool]) – Allow access from anonymous client that doesn’t use IAM authentication. Default: false when using grantRead, grantWrite, grantRootAccess or set @aws-cdk/aws-efs:denyAnonymousAccess feature flag, otherwise true

  • enable_automatic_backups (Optional[bool]) – Whether to enable automatic backups for the file system. Default: false

  • encrypted (Optional[bool]) – Defines if the data at rest in the file system is encrypted or not. Default: - If your application has the @aws-cdk/aws-efs:defaultEncryptionAtRest’ feature flag set, the default is true, otherwise, the default is false.

  • file_system_name (Optional[str]) – The file system’s name. Default: - CDK generated name

  • file_system_policy (Optional[PolicyDocument]) – File system policy is an IAM resource policy used to control NFS access to an EFS file system. Default: none

  • kms_key (Optional[IKey]) – The KMS key used for encryption. This is required to encrypt the data at rest if Default: - if ‘encrypted’ is true, the default key for EFS (/aws/elasticfilesystem) is used

  • lifecycle_policy (Optional[LifecyclePolicy]) – A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. Default: - None. EFS will not transition files to the IA storage class.

  • one_zone (Optional[bool]) – Whether this is a One Zone file system. If enabled, performanceMode must be set to GENERAL_PURPOSE and vpcSubnets cannot be set. Default: false

  • out_of_infrequent_access_policy (Optional[OutOfInfrequentAccessPolicy]) – A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class. Default: - None. EFS will not transition files from IA storage to primary storage.

  • performance_mode (Optional[PerformanceMode]) – The performance mode that the file system will operate under. An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system. Default: PerformanceMode.GENERAL_PURPOSE

  • provisioned_throughput_per_second (Optional[Size]) – Provisioned throughput for the file system. This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s. Default: - none, errors out

  • removal_policy (Optional[RemovalPolicy]) – The removal policy to apply to the file system. Default: RemovalPolicy.RETAIN

  • replication_configuration (Optional[ReplicationConfiguration]) – Replication configuration for the file system. Default: - no replication

  • replication_overwrite_protection (Optional[ReplicationOverwriteProtection]) – Whether to enable the filesystem’s replication overwrite protection or not. Set false if you want to create a read-only filesystem for use as a replication destination. Default: ReplicationOverwriteProtection.ENABLED

  • security_group (Optional[ISecurityGroup]) – Security Group to assign to this file system. Default: - creates new security group which allows all outbound traffic

  • throughput_mode (Optional[ThroughputMode]) – Enum to mention the throughput mode of the file system. Default: ThroughputMode.BURSTING

  • transition_to_archive_policy (Optional[LifecyclePolicy]) – The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don’t count as file access events. Default: - None. EFS will not transition files to Archive storage class.

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Which subnets to place the mount target in the VPC. Default: - the Vpc default strategy if not specified

Methods

add_access_point(id, *, client_token=None, create_acl=None, path=None, posix_user=None)

create access point from this filesystem.

Parameters:
  • id (str) –

  • client_token (Optional[str]) – The opaque string specified in the request to ensure idempotent creation. Default: - No client token

  • create_acl (Union[Acl, Dict[str, Any], None]) – Specifies the POSIX IDs and permissions to apply when creating the access point’s root directory. If the root directory specified by path does not exist, EFS creates the root directory and applies the permissions specified here. If the specified path does not exist, you must specify createAcl. Default: - None. The directory specified by path must exist.

  • path (Optional[str]) – Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. Default: ‘/’

  • posix_user (Union[PosixUser, Dict[str, Any], None]) – The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point. Specify this to enforce a user identity using an access point. Default: - user identity not enforced

Return type:

AccessPoint

add_to_resource_policy(statement)

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

Parameters:

statement (PolicyStatement) – The policy statement to add.

Return type:

AddToResourcePolicyResult

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:

policy (RemovalPolicy) –

Return type:

None

grant(grantee, *actions)

Grant the actions defined in actions to the given grantee on this File System resource.

Parameters:
  • grantee (IGrantable) – Principal to grant right to.

  • actions (str) – The actions to grant.

Return type:

Grant

grant_read(grantee)

Grant read permissions for this file system to an IAM principal.

Parameters:

grantee (IGrantable) – The principal to grant read to.

Return type:

Grant

grant_read_write(grantee)

Grant read and write permissions for this file system to an IAM principal.

Parameters:

grantee (IGrantable) – The principal to grant read and write to.

Return type:

Grant

grant_root_access(grantee)

As root user, grant read and write permissions for this file system to an IAM principal.

Parameters:

grantee (IGrantable) – The principal to grant root access to.

Return type:

Grant

to_string()

Returns a string representation of this construct.

Return type:

str

Attributes

DEFAULT_PORT = 2049
connections

The security groups/rules used to allow network connections to the file system.

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

file_system_arn

The ARN of the file system.

Attribute:

true

file_system_id

The ID of the file system, assigned by Amazon EFS.

Attribute:

true

mount_targets_available

Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.

node

The tree node.

stack

The stack in which this resource is defined.

Static Methods

classmethod from_file_system_attributes(scope, id, *, security_group, file_system_arn=None, file_system_id=None)

Import an existing File System from the given properties.

Parameters:
  • scope (Construct) –

  • id (str) –

  • security_group (ISecurityGroup) – The security group of the file system.

  • file_system_arn (Optional[str]) – The File System’s Arn. Default: - determined based on fileSystemId

  • file_system_id (Optional[str]) – The File System’s ID. Default: - determined based on fileSystemArn

Return type:

IFileSystem

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.

classmethod is_owned_resource(construct)

Returns true if the construct was created by CDK, and false otherwise.

Parameters:

construct (IConstruct) –

Return type:

bool

classmethod is_resource(construct)

Check whether the given construct is a Resource.

Parameters:

construct (IConstruct) –

Return type:

bool