class aws_cdk.aws_efs.FileSystem(scope, id, *, vpc, enable_automatic_backups=None, encrypted=None, file_system_name=None, kms_key=None, lifecycle_policy=None, performance_mode=None, provisioned_throughput_per_second=None, removal_policy=None, security_group=None, throughput_mode=None, vpc_subnets=None)

Bases: aws_cdk.core.Resource

The Elastic File System implementation of IFileSystem.

It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). It also creates mount target (AWS::EFS::MountTarget) implicitly to mount the EFS file system on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource.




Constructor for creating a new EFS FileSystem.

  • scope (Construct) –

  • id (str) –

  • vpc (IVpc) – VPC to launch the file system in.

  • enable_automatic_backups (Optional[bool]) – Whether to enable automatic backups for the file system. Default: false

  • encrypted (Optional[bool]) – Defines if the data at rest in the file system is encrypted or not. Default: - If your application has the ‘

  • file_system_name (Optional[str]) – The file system’s name. Default: - CDK generated name

  • kms_key (Optional[IKey]) – The KMS key used for encryption. This is required to encrypt the data at rest if @encrypted is set to true. Default: - if ‘encrypted’ is true, the default key for EFS (/aws/elasticfilesystem) is used

  • lifecycle_policy (Optional[LifecyclePolicy]) – A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. Default: - None. EFS will not transition files to the IA storage class.

  • performance_mode (Optional[PerformanceMode]) – The performance mode that the file system will operate under. An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system. Default: PerformanceMode.GENERAL_PURPOSE

  • provisioned_throughput_per_second (Optional[Size]) – Provisioned throughput for the file system. This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s. Default: - none, errors out

  • removal_policy (Optional[RemovalPolicy]) – The removal policy to apply to the file system. Default: RemovalPolicy.RETAIN

  • security_group (Optional[ISecurityGroup]) – Security Group to assign to this file system. Default: - creates new security group which allows all outbound traffic

  • throughput_mode (Optional[ThroughputMode]) – Enum to mention the throughput mode of the file system. Default: ThroughputMode.BURSTING

  • vpc_subnets (Optional[SubnetSelection]) – Which subnets to place the mount target in the VPC. Default: - the Vpc default strategy if not specified


add_access_point(id, *, create_acl=None, path=None, posix_user=None)

create access point from this filesystem.

  • id (str) –

  • create_acl (Optional[Acl]) – Specifies the POSIX IDs and permissions to apply when creating the access point’s root directory. If the root directory specified by path does not exist, EFS creates the root directory and applies the permissions specified here. If the specified path does not exist, you must specify createAcl. Default: - None. The directory specified by path must exist.

  • path (Optional[str]) – Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. Default: ‘/’

  • posix_user (Optional[PosixUser]) – The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point. Specify this to enforce a user identity using an access point. Default: - user identity not enforced

Return type



Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DELETE), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


policy (RemovalPolicy) –

Return type



Returns a string representation of this construct.

Return type




The security groups/rules used to allow network connections to the file system.

Return type



The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type



The ID of the file system, assigned by Amazon EFS.



Return type



Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.

Return type



The construct tree node associated with this construct.

Return type



The stack in which this resource is defined.

Return type


Static Methods

classmethod from_file_system_attributes(scope, id, *, file_system_id, security_group)

Import an existing File System from the given properties.

  • scope (Construct) –

  • id (str) –

  • file_system_id (str) – The File System’s ID.

  • security_group (ISecurityGroup) – The security group of the file system.

Return type


classmethod is_construct(x)

Return whether the given object is a Construct.


x (Any) –

Return type


classmethod is_resource(construct)

Check whether the given construct is a Resource.


construct (IConstruct) –

Return type