class FileSystem (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EFS.FileSystem |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsefs#FileSystem |
Java | software.amazon.awscdk.services.efs.FileSystem |
Python | aws_cdk.aws_efs.FileSystem |
TypeScript (source) | aws-cdk-lib » aws_efs » FileSystem |
Implements
IConstruct, IDependable, IResource, IFileSystem, IConnectable, IResourceWithPolicy
The Elastic File System implementation of IFileSystem.
It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). It also implicitly creates a mount target (AWS::EFS::MountTarget) so that the EFS file system can be mounted on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource.
Example
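```ts
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as efs from 'aws-cdk-lib/aws-efs';
import * as iam from 'aws-cdk-lib/aws-iam';

// Runs inside a Stack or Construct, where `this` is the scope.
// assumedBy sets the role's trust policy; AnyPrincipal matches every principal.
const role = new iam.Role(this, 'ClientRole', {
  assumedBy: new iam.AnyPrincipal(),
});
const fileSystem = new efs.FileSystem(this, 'MyEfsFileSystem', {
  vpc: new ec2.Vpc(this, 'VPC'),
  // Also admits clients that do not use IAM authentication.
  allowAnonymousAccess: true,
});

// Grant the role read permissions on the file system.
fileSystem.grantRead(role);
```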
Initializer
new FileSystem(scope: Construct, id: string, props: FileSystemProps)
Parameters
- scope Construct
- id string
- props FileSystemProps
Constructor for creating a new EFS FileSystem.
Construct Props
Name | Type | Description |
---|---|---|
vpc | IVpc | VPC to launch the file system in. |
allowAnonymousAccess? | boolean | Allow access from anonymous client that doesn't use IAM authentication. |
enableAutomaticBackups? | boolean | Whether to enable automatic backups for the file system. |
encrypted? | boolean | Defines if the data at rest in the file system is encrypted or not. |
fileSystemName? | string | The file system's name. |
fileSystemPolicy? | PolicyDocument | File system policy is an IAM resource policy used to control NFS access to an EFS file system. |
kmsKey? | IKey | The KMS key used for encryption. |
lifecyclePolicy? | LifecyclePolicy | A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. |
oneZone? | boolean | Whether this is a One Zone file system. |
outOfInfrequentAccessPolicy? | OutOfInfrequentAccessPolicy | A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class. |
performanceMode? | PerformanceMode | The performance mode that the file system will operate under. |
provisionedThroughputPerSecond? | Size | Provisioned throughput for the file system. |
removalPolicy? | RemovalPolicy | The removal policy to apply to the file system. |
replicationConfiguration? | ReplicationConfiguration | Replication configuration for the file system. |
replicationOverwriteProtection? | ReplicationOverwriteProtection | Whether to enable the filesystem's replication overwrite protection or not. |
securityGroup? | ISecurityGroup | Security Group to assign to this file system. |
throughputMode? | ThroughputMode | Enum to mention the throughput mode of the file system. |
transitionToArchivePolicy? | LifecyclePolicy | The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. |
vpcSubnets? | SubnetSelection | Which subnets to place the mount target in the VPC. |
vpc
Type: IVpc
VPC to launch the file system in.
allowAnonymousAccess?
Type: boolean (optional, default: false when using grantRead, grantWrite, grantRootAccess, or when the @aws-cdk/aws-efs:denyAnonymousAccess feature flag is set; otherwise true)
Allow access from anonymous client that doesn't use IAM authentication.
enableAutomaticBackups?
Type: boolean (optional, default: false)
Whether to enable automatic backups for the file system.
encrypted?
Type: boolean (optional, default: If your application has the '@aws-cdk/aws-efs:defaultEncryptionAtRest' feature flag set, the default is true, otherwise, the default is false.)
Defines if the data at rest in the file system is encrypted or not.
fileSystemName?
Type: string (optional, default: CDK generated name)
The file system's name.
fileSystemPolicy?
Type: PolicyDocument (optional, default: none)
File system policy is an IAM resource policy used to control NFS access to an EFS file system.
kmsKey?
Type: IKey (optional, default: if 'encrypted' is true, the default key for EFS (/aws/elasticfilesystem) is used)
The KMS key used for encryption.
This is required to encrypt the data at rest if
lifecyclePolicy?
Type: LifecyclePolicy (optional, default: None. EFS will not transition files to the IA storage class.)
A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.
oneZone?
Type: boolean (optional, default: false)
Whether this is a One Zone file system.
If enabled, performanceMode must be set to GENERAL_PURPOSE and vpcSubnets cannot be set.
outOfInfrequentAccessPolicy?
Type: OutOfInfrequentAccessPolicy (optional, default: None. EFS will not transition files from IA storage to primary storage.)
A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.
performanceMode?
Type: PerformanceMode (optional, default: PerformanceMode.GENERAL_PURPOSE)
The performance mode that the file system will operate under.
An Amazon EFS file system's performance mode can't be changed after the file system has been created. Updating this property will replace the file system.
provisionedThroughputPerSecond?
Type: Size (optional, default: none, errors out)
Provisioned throughput for the file system.
This is a required property if the throughput mode is set to PROVISIONED. Must be at least 1MiB/s.
removalPolicy?
Type: RemovalPolicy (optional, default: RemovalPolicy.RETAIN)
The removal policy to apply to the file system.
replicationConfiguration?
Type: ReplicationConfiguration (optional, default: no replication)
Replication configuration for the file system.
replicationOverwriteProtection?
Type: ReplicationOverwriteProtection (optional, default: ReplicationOverwriteProtection.ENABLED)
Whether to enable the filesystem's replication overwrite protection or not.
Set false if you want to create a read-only filesystem for use as a replication destination.
securityGroup?
Type: ISecurityGroup (optional, default: creates new security group which allows all outbound traffic)
Security Group to assign to this file system.
throughputMode?
Type: ThroughputMode (optional, default: ThroughputMode.BURSTING)
Enum to mention the throughput mode of the file system.
transitionToArchivePolicy?
Type: LifecyclePolicy (optional, default: None. EFS will not transition files to Archive storage class.)
The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage.
Metadata operations such as listing the contents of a directory don't count as file access events.
vpcSubnets?
Type: SubnetSelection (optional, default: the Vpc default strategy if not specified)
Which subnets to place the mount target in the VPC.
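As an added example (not part of the CDK documentation or library), the TypeScript below audits a synthesized CloudFormation template for the settings that allowAnonymousAccess, fileSystemPolicy, encrypted and enableAutomaticBackups control. It assumes these surface as the FileSystemPolicy, Encrypted and BackupPolicy properties of AWS::EFS::FileSystem; auditEfs, Finding, isWildcardPrincipal and the sample template are hypothetical names and constructed data.

```typescript
// Added example, not CDK code: audits AWS::EFS::FileSystem resources in a
// synthesized CloudFormation template (e.g. a file under cdk.out/).
type Json = Record<string, any>;
interface Finding { logicalId: string; issue: string }
// True for the wildcard principal, written as "*" or { "AWS": "*" }.
function isWildcardPrincipal(p: any): boolean {
  if (p === '*') return true;
  const aws = p && typeof p === 'object' ? p.AWS : undefined;
  return aws === '*' || (Array.isArray(aws) && aws.indexOf('*') !== -1);
}

function auditEfs(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources: Json = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== 'AWS::EFS::FileSystem') continue;
    const props: Json = res.Properties || {};
    const add = (issue: string) => { findings.push({ logicalId, issue }); };
    if (props.Encrypted !== true) add('data at rest is not encrypted');
    if (!props.BackupPolicy || props.BackupPolicy.Status !== 'ENABLED') add('automatic backups are not enabled');
    const policy = props.FileSystemPolicy;
    if (!policy) {
      // Without a policy, EFS lets any client that reaches a mount target mount it.
      add('no file system policy, anonymous NFS clients are allowed');
      continue;
    }
    const statements: Json[] = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
    for (const s of statements) {
      if (s && s.Effect === 'Allow' && isWildcardPrincipal(s.Principal) && !s.Condition) {
        add('policy allows any principal without a condition');
      }
    }
  }
  return findings;
}

// Constructed sample template (logical IDs and the account ID are made up).
const SAMPLE_TEMPLATE: Json = {
  Resources: {
    OpenFs: { Type: 'AWS::EFS::FileSystem', Properties: {} },
    AnonFs: { Type: 'AWS::EFS::FileSystem', Properties: {
      Encrypted: true, BackupPolicy: { Status: 'ENABLED' },
      FileSystemPolicy: { Statement: [{ Effect: 'Allow', Principal: { AWS: '*' }, Action: 'elasticfilesystem:ClientMount' }] } } },
    HardenedFs: { Type: 'AWS::EFS::FileSystem', Properties: {
      Encrypted: true, BackupPolicy: { Status: 'ENABLED' },
      FileSystemPolicy: { Statement: [{ Effect: 'Allow', Principal: { AWS: 'arn:aws:iam::111122223333:role/ClientRole' }, Action: 'elasticfilesystem:ClientMount' }] } } },
  },
};
```

Calling auditEfs on a parsed template returns one finding per weak setting, so it can gate a pipeline before deployment.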
Properties
Name | Type | Description |
---|---|---|
connections | Connections | The security groups/rules used to allow network connections to the file system. |
env | ResourceEnvironment | The environment this resource belongs to. |
fileSystemArn | string | The ARN of the file system. |
fileSystemId | string | The ID of the file system, assigned by Amazon EFS. |
mountTargetsAvailable | IDependable | Dependable that can be depended upon to ensure the mount targets of the filesystem are ready. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
static DEFAULT_PORT | number | The default port File System listens on. |
connections
Type: Connections
The security groups/rules used to allow network connections to the file system.
env
Type: ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
fileSystemArn
Type: string
The ARN of the file system.
fileSystemId
Type: string
The ID of the file system, assigned by Amazon EFS.
mountTargetsAvailable
Type: IDependable
Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.
node
Type: Node
The tree node.
stack
Type: Stack
The stack in which this resource is defined.
static DEFAULT_PORT
Type: number
The default port File System listens on.
Methods
Name | Description |
---|---|
addAccessPoint(id, accessPointOptions?) | Create an access point from this file system. |
addToResourcePolicy(statement) | Adds a statement to the resource policy associated with this file system. |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
grant(grantee, ...actions) | Grant the actions defined in actions to the given grantee on this File System resource. |
grantRead(grantee) | Grant read permissions for this file system to an IAM principal. |
grantReadWrite(grantee) | Grant read and write permissions for this file system to an IAM principal. |
grantRootAccess(grantee) | As root user, grant read and write permissions for this file system to an IAM principal. |
toString() | Returns a string representation of this construct. |
static fromFileSystemAttributes(scope, id, attrs) | Import an existing File System from the given properties. |
addAccessPoint(id, accessPointOptions?)
public addAccessPoint(id: string, accessPointOptions?: AccessPointOptions): AccessPoint
Parameters
- id string
- accessPointOptions AccessPointOptions
Returns
AccessPoint
Create an access point from this file system.
addToResourcePolicy(statement)
public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult
Parameters
- statement PolicyStatement — The policy statement to add.
Returns
AddToResourcePolicyResult
Adds a statement to the resource policy associated with this file system.
A resource policy will be automatically created upon the first call to addToResourcePolicy.
Note that this does not work with imported file systems.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee IGrantable — Principal to grant right to.
- actions string — The actions to grant.
Returns
Grant
Grant the actions defined in actions to the given grantee on this File System resource.
grantRead(grantee)
public grantRead(grantee: IGrantable): Grant
Parameters
- grantee IGrantable — The principal to grant read to.
Returns
Grant
Grant read permissions for this file system to an IAM principal.
grantReadWrite(grantee)
public grantReadWrite(grantee: IGrantable): Grant
Parameters
- grantee IGrantable — The principal to grant read and write to.
Returns
Grant
Grant read and write permissions for this file system to an IAM principal.
grantRootAccess(grantee)
public grantRootAccess(grantee: IGrantable): Grant
Parameters
- grantee IGrantable — The principal to grant root access to.
Returns
Grant
As root user, grant read and write permissions for this file system to an IAM principal.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromFileSystemAttributes(scope, id, attrs)
public static fromFileSystemAttributes(scope: Construct, id: string, attrs: FileSystemAttributes): IFileSystem
Parameters
- scope Construct
- id string
- attrs FileSystemAttributes
Returns
IFileSystem
Import an existing File System from the given properties.