Working with Amazon EFS access points - Amazon Elastic File System

Amazon EFS access points are application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets. Access points can enforce a user identity, including the user's POSIX groups, for all file system requests that are made through the access point. Access points can also enforce a different root directory for the file system so that clients can only access data in the specified directory or its subdirectories.

You can use AWS Identity and Access Management (IAM) policies to enforce that specific applications use a specific access point. By combining IAM policies with access points, you can easily provide secure access to specific datasets for your applications.

Note

You need to create at least one mount target on your EFS file system to use access points.

You can create access points for an existing Amazon EFS file system using the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the EFS API. An Amazon EFS file system can have a maximum of 1,000 access points. You cannot modify an existing access point after it's created.

For step-by-step procedures to create an access point, see Creating access points.

You use the EFS mount helper when mounting a file system using an access point. In the mount command, include the file system ID, the access point ID, and the tls mount option, as shown in the following example (the example also passes the iam option so that the mount is authenticated with the client's IAM identity, which is what lets an IAM policy enforce the access point).

$ mount -t efs -o tls,iam,accesspoint=fsap-abcdef0123456789a fs-abc0123def456789a: /localmountpoint

For more information on mounting file systems using an access point, see Mounting with EFS access points.
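As an added example, not taken from the page, the following EFS file system policy shows how the IAM enforcement described above fits with the mount command: it allows one IAM role to mount and write, but only through the access point used in the mount example and only over TLS. The account ID, region and role name are placeholders; the file system and access point IDs are the ones from the mount example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAppRoleOnlyViaItsAccessPoint",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/example-app-role"
      },
      "Action": [
        "elasticfilesystem:ClientMount",
        "elasticfilesystem:ClientWrite"
      ],
      "Resource": "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/fs-abc0123def456789a",
      "Condition": {
        "StringEquals": {
          "elasticfilesystem:AccessPointArn": "arn:aws:elasticfilesystem:us-east-1:111122223333:access-point/fsap-abcdef0123456789a"
        },
        "Bool": {
          "aws:SecureTransport": "true"
        }
      }
    }
  ]
}
```

Because the policy grants ClientMount and ClientWrite but not ClientRootAccess, the role gets the POSIX user and root directory enforced by the access point and cannot act as root on the file system; a mount from that role that omits the accesspoint or tls options fails the conditions and is denied.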