Terraform AWS EFS Module
The configuration below will create:
- A security group for the EFS mount targets (NFS, TCP/2049 ingress only)
- An EFS file system policy scoped to one IAM role and the two access points
- An EFS file system with two access points
- Create a `main.tf` file, then copy, paste and customize the following configuration.
#
#
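## Creating SG for EFS
# Security group attached to the EFS mount targets. NFS on TCP/2049 is the
# only service EFS exposes, so ingress is deliberately a single rule; whoever
# can reach this port can attempt a mount, and the file system policy below is
# the only control left after that.
# NOTE(review): unlike the efs module below, this module source carries no
# `?ref=` pin, so `terraform init` follows the default branch. Pin it to a
# tag or commit so the security-group module cannot change underneath you.
module "sg_efs" {
  source = "git::https://[email protected]/ucopacme/terraform-aws-security-group.git//"
  name   = join("-", [local.application, local.environment, "efs", "sg"])
  vpc_id = local.vpc_id

  ingress = [
    {
      from_port = 2049
      to_port   = 2049
      protocol  = "tcp"
      # Replace <cidr_blocks> with the client network(s) that are allowed to
      # mount the file system. Keep the range as narrow as possible and do not
      # use 0.0.0.0/0 here; the description says "UCOP network", so the value
      # should be that network's CIDR(s).
      cidr_blocks = ["<cidr_blocks>"]
      # Preferred alternative when the NFS clients live in this VPC: reference
      # the clients' security group instead of a CIDR, so membership follows
      # the instances rather than an address range. Use one or the other.
      # security_groups = [local.security_group_id]
      self        = null
      description = "Allow port 2049 from the UCOP network"
    },
  ]

  egress = [
    {
      # Wide-open egress is kept from the original; mount targets generally do
      # not need to initiate outbound connections, so tighten or drop this
      # rule if your account policy requires restricted egress.
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
      description = "Allow egress to anywhere"
    }
  ]

  tags = merge(tomap({ "Name" = join("-", [local.application, local.environment, "efs"]) }), local.tags)
}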
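## Creating Policy EFS
# File system policy for the EFS file system. Mount and write are granted only
# to local.role_arn and only when the client comes in through one of the two
# access points created below; ClientRootAccess is intentionally not granted.
# With this policy attached, an IAM-authenticated mount that does not go
# through one of these access points matches no Allow statement.
data "aws_iam_policy_document" "this" {
  # DO NOT enable the statement below as-is. Principal "*" together with
  # ClientRootAccess gives every client that can reach a mount target (i.e.
  # anything the security group admits) root on the file system, without any
  # IAM authentication. If anonymous mounts are ever needed, scope them to
  # ClientMount/ClientWrite on a specific access point instead.
  # statement {
  #   effect = "Allow"
  #   actions = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite", "elasticfilesystem:ClientRootAccess"]
  #   resources = [module.efs.file_system_arn]
  #   principals {
  #     type = "AWS"
  #     identifiers = ["*"]
  #   }
  #   condition {
  #     test = "Bool"
  #     variable = "elasticfilesystem:AccessedViaMountTarget"
  #     values = ["true"]
  #   }
  # }

  # The two access points share exactly the same grant. StringEquals with
  # several values is an OR, so a single statement replaces the two identical
  # copies; add a new access point by appending its ARN to `values`.
  statement {
    sid       = "AllowRoleViaAccessPoints"
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [module.efs.file_system_arn]
    principals {
      type        = "AWS"
      identifiers = [local.role_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "elasticfilesystem:AccessPointArn"
      values = [
        module.efs.access_points_arn.efs_data,
        module.efs.access_points_arn.efs_file,
      ]
    }
  }

  # Refuse any NFS traffic that is not TLS-protected. This is the statement the
  # AWS console adds for "Enforce in-transit encryption"; IAM-authenticated
  # mounts with efs-utils are already made over TLS (`-o tls,iam`), so this
  # only closes the door on plain, unencrypted mounts. If an existing client
  # mounts without TLS today, that mount will stop working once applied.
  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["*"]
    resources = [module.efs.file_system_arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}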
## Creating EFS
# EFS file system plus two access points. The file system policy above is
# attached through `policy`; mount targets go into the first two data subnets
# and are guarded by module.sg_efs.
module "efs" {
  source = "git::https://[email protected]/ucopacme/terraform-aws-efs.git//?ref=v0.0.5"

  region         = local.region
  vpc_id         = local.vpc_id
  subnets        = slice(local.data_subnet_ids, 0, 2)
  policy         = data.aws_iam_policy_document.this.json
  security_group = [module.sg_efs.id]

  # Each access point fixes the POSIX identity clients operate as (posix_user)
  # and the owner/mode applied when its root directory is created
  # (creation_info). Both run as uid 48; only the gid differs.
  # NOTE(review): encryption at rest / KMS key and the access-point root
  # directory path are not set here, so they come from the module's defaults
  # at v0.0.5 — confirm those defaults meet your requirements.
  access_points = {
    "efs_data" = {
      posix_user    = { uid = "48", gid = "500" }
      creation_info = { uid = "48", gid = "500", permissions = "0755" }
    },
    "efs_file" = {
      posix_user    = { uid = "48", gid = "600" }
      creation_info = { uid = "48", gid = "600", permissions = "0755" }
    }
  }

  tags = merge(tomap({ "Name" = "${local.application}-${local.environment}-efs" }), local.tags)
}