FileSystem
- class aws_cdk.aws_efs.FileSystem(scope, id, *, vpc, allow_anonymous_access=None, enable_automatic_backups=None, encrypted=None, file_system_name=None, file_system_policy=None, kms_key=None, lifecycle_policy=None, one_zone=None, out_of_infrequent_access_policy=None, performance_mode=None, provisioned_throughput_per_second=None, removal_policy=None, replication_configuration=None, replication_overwrite_protection=None, security_group=None, throughput_mode=None, transition_to_archive_policy=None, vpc_subnets=None)
Bases: Resource
The Elastic File System implementation of IFileSystem.
It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). It also implicitly creates a mount target (AWS::EFS::MountTarget) so that the EFS file system can be mounted on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource.
- See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html
- Resource: AWS::EFS::FileSystem
- ExampleMetadata: infused
Example:
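    import aws_cdk.aws_ec2 as ec2
    import aws_cdk.aws_efs as efs
    import aws_cdk.aws_iam as iam

    # Runs inside a Stack or Construct, where `self` is the scope.
    role = iam.Role(self, "ClientRole",
        assumed_by=iam.AnyPrincipal()
    )
    file_system = efs.FileSystem(self, "MyEfsFileSystem",
        vpc=ec2.Vpc(self, "VPC"),
        allow_anonymous_access=True
    )

    # Grant the role read permissions on the file system.
    file_system.grant_read(role)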
Constructor for creating a new EFS FileSystem.
- Parameters:
  - scope (Construct) –
  - id (str) –
  - vpc (IVpc) – VPC to launch the file system in.
  - allow_anonymous_access (Optional[bool]) – Allow access from anonymous client that doesn’t use IAM authentication. Default: false when using grantRead, grantWrite, grantRootAccess or set @aws-cdk/aws-efs:denyAnonymousAccess feature flag, otherwise true
  - enable_automatic_backups (Optional[bool]) – Whether to enable automatic backups for the file system. Default: false
  - encrypted (Optional[bool]) – Defines if the data at rest in the file system is encrypted or not. Default: - If your application has the ‘@aws-cdk/aws-efs:defaultEncryptionAtRest’ feature flag set, the default is true, otherwise, the default is false.
  - file_system_name (Optional[str]) – The file system’s name. Default: - CDK generated name
  - file_system_policy (Optional[PolicyDocument]) – File system policy is an IAM resource policy used to control NFS access to an EFS file system. Default: none
  - kms_key (Optional[IKey]) – The KMS key used for encryption. This is required to encrypt the data at rest if Default: - if ‘encrypted’ is true, the default key for EFS (/aws/elasticfilesystem) is used
  - lifecycle_policy (Optional[LifecyclePolicy]) – A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. Default: - None. EFS will not transition files to the IA storage class.
  - one_zone (Optional[bool]) – Whether this is a One Zone file system. If enabled, performanceMode must be set to GENERAL_PURPOSE and vpcSubnets cannot be set. Default: false
  - out_of_infrequent_access_policy (Optional[OutOfInfrequentAccessPolicy]) – A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class. Default: - None. EFS will not transition files from IA storage to primary storage.
  - performance_mode (Optional[PerformanceMode]) – The performance mode that the file system will operate under. An Amazon EFS file system’s performance mode can’t be changed after the file system has been created. Updating this property will replace the file system. Default: PerformanceMode.GENERAL_PURPOSE
  - provisioned_throughput_per_second (Optional[Size]) – Provisioned throughput for the file system. This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s. Default: - none, errors out
  - removal_policy (Optional[RemovalPolicy]) – The removal policy to apply to the file system. Default: RemovalPolicy.RETAIN
  - replication_configuration (Optional[ReplicationConfiguration]) – Replication configuration for the file system. Default: - no replication
  - replication_overwrite_protection (Optional[ReplicationOverwriteProtection]) – Whether to enable the filesystem’s replication overwrite protection or not. Set false if you want to create a read-only filesystem for use as a replication destination. Default: ReplicationOverwriteProtection.ENABLED
  - security_group (Optional[ISecurityGroup]) – Security Group to assign to this file system. Default: - creates new security group which allows all outbound traffic
  - throughput_mode (Optional[ThroughputMode]) – Enum to mention the throughput mode of the file system. Default: ThroughputMode.BURSTING
  - transition_to_archive_policy (Optional[LifecyclePolicy]) – The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don’t count as file access events. Default: - None. EFS will not transition files to Archive storage class.
  - vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Which subnets to place the mount target in the VPC. Default: - the Vpc default strategy if not specified
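A review-time check for the security-relevant defaults listed above (encrypted, file_system_policy and allow_anonymous_access, enable_automatic_backups, removal_policy). This is an added example, not code from the CDK documentation: it audits the AWS::EFS::FileSystem resources of a synthesized CloudFormation template. The function audit_efs, the finding names and the sample template are constructed for illustration.

```python
# Constructed sample mimicking `cdk synth` output (added example, not CDK code).
SAMPLE_TEMPLATE = {
    "Resources": {
        # encrypted=False, no policy, no backups, RemovalPolicy.DESTROY
        "WeakFs": {"Type": "AWS::EFS::FileSystem", "Properties": {},
                   "DeletionPolicy": "Delete"},
        "HardenedFs": {
            "Type": "AWS::EFS::FileSystem",
            "Properties": {
                "Encrypted": True,
                "BackupPolicy": {"Status": "ENABLED"},
                "FileSystemPolicy": {"Version": "2012-10-17", "Statement": [{
                    "Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "*",
                    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                }]},
            },
            "DeletionPolicy": "Retain",
        },
    }
}


def audit_efs(template):
    """Return {logical_id: [finding, ...]} for each EFS file system resource."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EFS::FileSystem":
            continue
        props, findings = res.get("Properties", {}), []
        if props.get("Encrypted") is not True:
            findings.append("unencrypted-at-rest")
        policy = props.get("FileSystemPolicy")
        if not policy:
            # No resource policy: NFS access is not gated by IAM at all.
            findings.append("no-file-system-policy")
        elif any(s.get("Effect") == "Allow" and not s.get("Condition")
                 and s.get("Principal") in ("*", {"AWS": "*"})
                 for s in policy.get("Statement", [])):  # assumes a list of statements
            findings.append("policy-allows-any-principal")
        if props.get("BackupPolicy", {}).get("Status") != "ENABLED":
            findings.append("automatic-backups-off")
        if res.get("DeletionPolicy") == "Delete":
            findings.append("deleted-with-stack")
        report[logical_id] = findings
    return report


if __name__ == "__main__":
    print(audit_efs(SAMPLE_TEMPLATE))
```

Run it over the template JSON that cdk synth writes to cdk.out to catch stacks that still rely on the legacy defaults for encrypted and allow_anonymous_access.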
Methods
- add_access_point(id, *, client_token=None, create_acl=None, path=None, posix_user=None)
Create an access point from this file system.
- Parameters:
  - id (str) –
  - client_token (Optional[str]) – The opaque string specified in the request to ensure idempotent creation. Default: - No client token
  - create_acl (Union[Acl, Dict[str, Any], None]) – Specifies the POSIX IDs and permissions to apply when creating the access point’s root directory. If the root directory specified by path does not exist, EFS creates the root directory and applies the permissions specified here. If the specified path does not exist, you must specify createAcl. Default: - None. The directory specified by path must exist.
  - path (Optional[str]) – Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. Default: ‘/’
  - posix_user (Union[PosixUser, Dict[str, Any], None]) – The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point. Specify this to enforce a user identity using an access point. Default: - user identity not enforced
- Return type:
- add_to_resource_policy(statement)
Adds a statement to the resource policy associated with this file system.
A resource policy will be automatically created upon the first call to addToResourcePolicy.
Note that this does not work with imported file systems.
- Parameters:
  - statement (PolicyStatement) – The policy statement to add.
- Return type:
- apply_removal_policy(policy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
- Parameters:
  - policy (RemovalPolicy) –
- Return type: None
- grant(grantee, *actions)
Grant the actions defined in actions to the given grantee on this File System resource.
- Parameters:
  - grantee (IGrantable) – Principal to grant right to.
  - actions (str) – The actions to grant.
- Return type:
- grant_read(grantee)
Grant read permissions for this file system to an IAM principal.
- Parameters:
  - grantee (IGrantable) – The principal to grant read to.
- Return type:
- grant_read_write(grantee)
Grant read and write permissions for this file system to an IAM principal.
- Parameters:
  - grantee (IGrantable) – The principal to grant read and write to.
- Return type:
- grant_root_access(grantee)
As root user, grant read and write permissions for this file system to an IAM principal.
- Parameters:
  - grantee (IGrantable) – The principal to grant root access to.
- Return type:
- to_string()
Returns a string representation of this construct.
- Return type: str
Attributes
- DEFAULT_PORT = 2049
- connections
The security groups/rules used to allow network connections to the file system.
- env
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- file_system_arn
The ARN of the file system.
- Attribute: true
- file_system_id
The ID of the file system, assigned by Amazon EFS.
- Attribute: true
- mount_targets_available
Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.
- node
The tree node.
- stack
The stack in which this resource is defined.
Static Methods
- classmethod from_file_system_attributes(scope, id, *, security_group, file_system_arn=None, file_system_id=None)
Import an existing File System from the given properties.
- Parameters:
  - scope (Construct) –
  - id (str) –
  - security_group (ISecurityGroup) – The security group of the file system.
  - file_system_arn (Optional[str]) – The File System’s Arn. Default: - determined based on fileSystemId
  - file_system_id (Optional[str]) – The File System’s ID. Default: - determined based on fileSystemArn
- Return type:
- classmethod is_construct(x)
Checks if x is a construct.
Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.
- Parameters:
  - x (Any) – Any object.
- Return type: bool
- Returns: true if x is an object created from a class which extends Construct.
- classmethod is_owned_resource(construct)
Returns true if the construct was created by CDK, and false otherwise.
- Parameters:
  - construct (IConstruct) –
- Return type: bool
- classmethod is_resource(construct)
Check whether the given construct is a Resource.
- Parameters:
  - construct (IConstruct) –
- Return type: bool