Creates an AWS EFS file system and associated mount points and security group. Optionally (on by default), configures a one-off AWS Backup plan/vault to back up the volume.

```hcl
module "efs" {
  source = "rhythmictech/efs-filesystem/aws"

  name                    = "photos"
  allowed_security_groups = ["sg-1234567890"]
  subnets = [
    "subnet-1234567890",
    "subnet-0123456789",
    "subnet-9012345678",
  ]
  vpc_id = "vpc-1234567890"
}
```

| Name | Version |
|---|---|
| terraform | >= 0.12.19 |
| aws | >=3.21.0 |

| Name | Version |
|---|---|
| aws | 4.55.0 |

No modules.

| Name | Type |
|---|---|
| aws_backup_plan.backup | resource |
| aws_backup_selection.backup | resource |
| aws_backup_vault.backup | resource |
| aws_efs_file_system.this | resource |
| aws_efs_mount_target.this | resource |
| aws_iam_role.backup | resource |
| aws_iam_role_policy.backup | resource |
| aws_kms_key.backup | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.allow_cidrs_to_efs | resource |
| aws_security_group_rule.allow_sgs_to_efs | resource |
| aws_iam_policy_document.assume_backup | data source |
| aws_iam_policy_document.backup | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_tags | User-Defined tags | `map(string)` | `{}` | no |
| allowed_cidrs | List of CIDRs permitted to access EFS mounts | `list(string)` | `[]` | no |
| allowed_security_groups | List of Security Group IDs permitted to access EFS mounts | `list(string)` | `[]` | no |
| backup_kms_key_id | KMS Key to use for backups (Specify aws/backup to use the default key, leave null to have a key generated automatically) | `string` | `null` | no |
| backup_lifecycle_cold_storage_after | Specifies the number of days after creation that a recovery point is moved to cold storage. | `number` | `null` | no |
| backup_lifecycle_delete_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after. | `number` | `null` | no |
| backup_role_permissions_boundary | An optional IAM permissions boundary to use when creating the IAM role for backups | `string` | `null` | no |
| backup_schedule | Cron schedule to run backups on | `string` | `"cron(0 0 * * ? *)"` | no |
| create | If false, this module does nothing | `bool` | `true` | no |
| efs_kms_key_id | ARN of KMS key to use for EFS encryption (leave null to create a key, set to aws/backup to use AWS default CMK) | `string` | `null` | no |
| enable_backups | Should AWS Backup be configured for this file system? | `bool` | `true` | no |
| name | Moniker to apply/prefix to all resources in the module (required if create==true) | `string` | `null` | no |
| performance_mode | Performance mode to run in (generalPurpose or maxIO). See https://aws.amazon.com/premiumsupport/knowledge-center/linux-efs-performance-modes/ for details. | `string` | `"generalPurpose"` | no |
| provisioned_throughput | Provisioned throughput (in mbps) | `number` | `null` | no |
| subnets | Subnet IDs that the EFS mount points should be created on (required if create==true) | `list(string)` | `[]` | no |
| throughput_mode | EFS file system throughput mode (provisioned or bursting) | `string` | `"bursting"` | no |
| vpc_id | VPC to create EFS file system in (required if create==true) | `string` | `null` | no |

| Name | Description |
|---|---|
| efs_backup_iam_role | Name of the IAM Role created to run AWS Backup |
| efs_file_system_id | EFS File System ID |
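
The following is an added example, not taken from the module's own documentation. It shows one way to combine the access-control, encryption and backup inputs listed above. All IDs and ARNs are constructed placeholders, and passing key ARNs to `backup_kms_key_id` is an assumption based on the input's description.

```hcl
# Added example, not from the module's documentation. All IDs and ARNs below
# are constructed placeholders; substitute your own.
module "efs_restricted" {
  source = "rhythmictech/efs-filesystem/aws"

  name   = "photos"
  vpc_id = "vpc-1234567890"
  subnets = [
    "subnet-1234567890",
    "subnet-0123456789",
  ]

  # Grant access by security group only; allowed_cidrs stays at its default
  # ([]) so no CIDR is permitted to reach the mount targets.
  allowed_security_groups = ["sg-1234567890"]

  # Use existing KMS keys instead of letting the module generate them.
  # Assumption: backup_kms_key_id accepts a key ARN like efs_kms_key_id does.
  efs_kms_key_id    = "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-EFS-KEY"
  backup_kms_key_id = "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-BACKUP-KEY"

  # Daily backups (the documented default schedule), moved to cold storage
  # after 30 days and deleted after 120. This satisfies the documented rule
  # that delete_after be 90 days greater than cold_storage_after.
  enable_backups                      = true
  backup_schedule                     = "cron(0 0 * * ? *)"
  backup_lifecycle_cold_storage_after = 30
  backup_lifecycle_delete_after       = 120

  # Constrain the IAM role the module creates for AWS Backup.
  backup_role_permissions_boundary = "arn:aws:iam::111111111111:policy/EXAMPLE-BOUNDARY"

  additional_tags = {
    DataClass = "internal"
  }
}

# Expose the module's two documented outputs to the calling configuration.
output "photos_efs_id" {
  value = module.efs_restricted.efs_file_system_id
}

output "photos_backup_role" {
  value = module.efs_restricted.efs_backup_iam_role
}
```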