Replicating EFS file systems - Amazon Elastic File System
CostsReplication performanceRequired IAM permissions

Replicating EFS file systems

For expanded resilience and data protection, you can replicate your EFS file system in an AWS Region. When you enable replication on an EFS file system, Amazon EFS automatically and transparently replicates the data and metadata on the source file system to a destination file system. In the event of a disaster or when performing game day exercises, you can fail over to your replica file system. To resume operations, you can then fail back to the primary file system.

To manage the process of creating the destination file system and keeping it synced with the source file system, Amazon EFS uses a replication configuration.

After you create the replication configuration, Amazon EFS automatically keeps the source and destination file systems synchronized. Changes made to the source file system are not transferred to the destination file system in a point-in-time consistent manner. Instead they're transferred based on the Last synced time for the replication. The Last sync time indicates when the last successful sync between the source and destination was completed. Changes made to your source file system as of the last synced time are replicated to the destination file system, while changes made to the source file system after the last synced time may not be replicated. For more information, see Viewing replication details.

Replication is available in all AWS Regions in which Amazon EFS is available. To replicate an EFS file system in a Region that is disabled by default, you must first opt in to the Region. For more information, see Managing AWS Regions in the AWS General Reference Guide. If you opt out of a Region later, Amazon EFS pauses all replication activities for the Region. To resume replication activities for the Region, opt in to the AWS Region again.

Note

Replication does not support using tags for attribute-based access control (ABAC).

Topics

Costs

To facilitate replication, Amazon EFS creates hidden directories and metadata on the destination file system. These equate to approximately 12 mebibytes (MiB) of metered data for which you are billed. For more information about metering file system storage, see How Amazon EFS reports file system and object sizes.

Replication performance

When you create new replications or reverse the direction of existing replications during the failback process, Amazon EFS performs an initial sync, which includes a series of one-time setup actions to support the replication. The amount of time that the initial sync takes to finish depends on factors such as the size of the source file system and the number of files in it.

After the initial replication is finished, Amazon EFS maintains a Recovery Point Objective (RPO) of 15 minutes for most file systems. However, if the source file system has files that change very frequently and has either more than 100 million files or files that are larger than 100 GB, replication may take longer than 15 minutes. For information about monitoring when the last replication successfully finished, see Viewing replication details.

You can monitor when the last successful sync occurred using the console, the AWS Command Line Interface (AWS CLI), the API, and Amazon CloudWatch. In CloudWatch, use the TimeSinceLastSync EFS metric. For more information, see Viewing replication details.

Required IAM permissions

Amazon EFS uses the EFS service-linked role named AWSServiceRoleForAmazonElasticFileSystem to synchronize the state of the replication between the source and destination file systems. To use replication, you must configure the following permissions to allow AWS Identity and Access Management (IAM) entity (such as a user, group, or role) to create a service linked role, a replication configuration, and a file system.

  • iam:CreateServiceLinkedRole – see the example in Using service-linked roles for Amazon EFS.

  • elasticfilesystem:DescribeFileSystem

  • elasticfilesystem:CreateFileSystem*

  • elasticfilesystem:CreateReplicationConfiguration*

  • elasticfilesystem:DeleteReplicationConfiguration*

  • elasticfilesystem:DescribeReplicationConfigurations*

*You can use the AmazonElasticFileSystemFullAccess managed policy to automatically get all required EFS permissions. For more information, see AWS managed policy: AmazonElasticFileSystemFullAccess.