AWS::DataSync::LocationEFS - AWS CloudFormation
SyntaxPropertiesReturn valuesExamples

This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::DataSync::LocationEFS

The AWS::DataSync::LocationEFS resource creates an endpoint for an Amazon EFS file system. AWS DataSync can access this endpoint as a source or destination location.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::DataSync::LocationEFS",
  "Properties" : {
      "AccessPointArn" : String,
      "Ec2Config" : Ec2Config,
      "EfsFilesystemArn" : String,
      "FileSystemAccessRoleArn" : String,
      "InTransitEncryption" : String,
      "Subdirectory" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::DataSync::LocationEFS
Properties:
  AccessPointArn: String
  Ec2Config: 
    Ec2Config
  EfsFilesystemArn: String
  FileSystemAccessRoleArn: String
  InTransitEncryption: String
  Subdirectory: String
  Tags: 
    - Tag

Properties

AccessPointArn

Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to mount your Amazon EFS file system.

For more information, see Accessing restricted file systems.

Required: No

Type: String

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$

Maximum: 128

Update requires: No interruption

Ec2Config

Specifies the subnet and security groups DataSync uses to connect to one of your Amazon EFS file system's mount targets.

Required: Yes

Type: Ec2Config

Update requires: Replacement

EfsFilesystemArn

Specifies the ARN for your Amazon EFS file system.

Required: No

Type: String

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$

Maximum: 128

Update requires: Replacement

FileSystemAccessRoleArn

Specifies an AWS Identity and Access Management (IAM) role that allows DataSync to access your Amazon EFS file system.

For information on creating this role, see Creating a DataSync IAM role for file system access.

Required: No

Type: String

Pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$

Maximum: 128

Update requires: No interruption

InTransitEncryption

Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it transfers data to or from your Amazon EFS file system.

If you specify an access point using AccessPointArn or an IAM role using FileSystemAccessRoleArn, you must set this parameter to TLS1_2.

Required: No

Type: String

Allowed values: NONE | TLS1_2

Update requires: No interruption

Subdirectory

Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data on your file system (depending on if this is a source or destination location).

By default, DataSync uses the root directory (or access point if you provide one by using AccessPointArn). You can also include subdirectories using forward slashes (for example, /path/to/folder).

Required: No

Type: String

Pattern: ^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$

Maximum: 4096

Update requires: No interruption

Tags

Specifies the key-value pair that represents a tag that you want to add to the resource. The value can be an empty string. This value helps you manage, filter, and search for your resources. We recommend that you create a name tag for your location.

Required: No

Type: Array of Tag

Maximum: 50

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the location resource ARN. For example:

arn:aws:datasync:us-east-2:111222333444:location/loc-07db7abfc326c50s3

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

LocationArn

The Amazon Resource Name (ARN) of the Amazon EFS file system.

LocationUri

The URI of the Amazon EFS file system.

Examples

Creating an Amazon EFS location

The following example creates a DataSync location for an Amazon EFS file system.

JSON

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Specifies a DataSync location for an Amazon EFS file system.",
    "Resources": {
        "LocationEFS": {
            "Type": "AWS::DataSync::LocationEFS",
            "Properties": {
                "Ec2Config": {
                    "SecurityGroupArns": [
                        "arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2"
                    ],
                    "SubnetArn": "arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1"
                },
                "EfsFilesystemArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789",
                "Subdirectory": "/mount/path"
            }
        }
    }
}

YAML


AWSTemplateFormatVersion: 2010-09-09
Description: Specifies a DataSync location for an Amazon EFS file system.
Resources:
  LocationEFS:
    Type: AWS::DataSync::LocationEFS
      Properties: 
        Ec2Config: 
          SecurityGroupArns: 
            - arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2
          SubnetArn: arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1
        EfsFilesystemArn: arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789
        Subdirectory: /mount/path

Creating an Amazon EFS location with a higher level of security

The following example creates a DataSync location for an Amazon EFS file system that's configured for restricted access.

JSON

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Specifies a DataSync location for an Amazon EFS file system configured for restricted access.",
    "Resources": {
        "LocationEFS": {
            "Type": "AWS::DataSync::LocationEFS",
            "Properties": {
                "AccessPointArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:access-point/fsap-1234567890abcdef0",
                "Ec2Config": {
                    "SecurityGroupArns": [
                        "arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2"
                    ],
                    "SubnetArn": "arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1"
                },
                "EfsFilesystemArn": "arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789",
                "FileSystemAccessRoleArn": "arn:aws:iam::111222333444:role/AllowDataSyncAccess",
                "InTransitEncryption": "TLS1_2"
            }
        }
    }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Description: Specifies a DataSync location for an Amazon EFS file system configured for restricted access.
Resources:
  LocationEFS:
    Type: AWS::DataSync::LocationEFS
      Properties: 
        AccessPointArn: arn:aws:elasticfilesystem:us-east-2:111222333444:access-point/fsap-1234567890abcdef0
        Ec2Config: 
          SecurityGroupArns: 
            - arn:aws:ec2:us-east-2:11122233344:security-group/sg-1234567890abcdef2
          SubnetArn: arn:aws:ec2:us-east-2:11122233344:subnet/subnet-1234567890abcdef1
        EfsFilesystemArn: arn:aws:elasticfilesystem:us-east-2:111222333444:file-system/fs-021345abcdef6789
        FileSystemAccessRoleArn: arn:aws:iam::111222333444:role/AllowDataSyncAccess
        InTransitEncryption: TLS1_2