| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_points | List of access points to create. | map(object({ |
{} |
no |
| aws_iam_principals | AWS IAM principals which will be allowed to access the file system via the EFS policy. | list(string) |
[ |
no |
| bypass_policy_lockout_safety_check | A flag to indicate whether to bypass the aws_efs_file_system_policy lockout safety check. | bool |
false |
no |
| enable_customer_managed_kms | If enabled, will create a customer managed KMS key for at-rest encryption. | bool |
false |
no |
| enable_enhanced_backups | Enable enhanced backups. | bool |
false |
no |
| encrypted | If true, the disk will be encrypted. | bool |
true |
no |
| enforce_read_only_default | Enforce read-only access to the file system. Identity-based policies can override these default permissions. | bool |
false |
no |
| enforce_transit_encryption | Enforce in-transit encryption for all clients. | bool |
true |
no |
| kms_key_id | The ARN of the AWS KMS to encrypt the file system. Defaults to the AWS managed KMS key. | string |
null |
no |
| name | The name of the file system. | string |
n/a | yes |
| performance_mode | The file system performance mode. Can be either generalPurpose or maxIO. |
string |
"generalPurpose" |
no |
| prevent_anonymous_access | Prevent anonymous access to the file system. | bool |
false |
no |
| prevent_root_access_default | Prevent root access to the file system. Identity-based policies can override these default permissions. | bool |
false |
no |
| private_subnets | A list of private subnets inside the VPC. | list(string) |
n/a | yes |
| provisioned_throughput_in_mibps | The throughput, measured in MiB/s, that you want to provision for the file system. | number |
0 |
no |
| security_groups | A list of security group IDs to associate with the file system. | list(string) |
n/a | yes |
| tags | A mapping of tags to assign to all resources. | map(string) |
{} |
no |
| throughput_mode | Throughput mode for the file system. Valid values: bursting, provisioned, or elastic. |
string |
"elastic" |
no |
| transition_to_archive | Indicates how long it takes to transition files to the archive storage class. Accepted values AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS. | string |
"AFTER_90_DAYS" |
no |
| transition_to_ia | Indicates how long it takes to transition files to the IA storage class. Accepted values AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS. | string |
"AFTER_30_DAYS" |
no |
| transition_to_primary_storage_class | Describes the policy used to transition a file from infequent access storage to primary storage. Only AFTER_1_ACCESS is accepted | string |
"AFTER_1_ACCESS" |
no |
| Name | Description |
|---|---|
| access_point_arns | ARNs of created access points. |
| access_point_ids | IDs of created access points. |
| arn | ARN of filesystem. |
| dns_name | DNS address of filesystem. |
| id | Id of filesystem. |
| kms_key_id | ID of the KMS key used to encrypt the EFS. |
| number_of_mount_targets | Number of mount targets of the EFS file system. |
| size_in_bytes | Size of the EFS file system. |
| Name | Version |
|---|---|
| aws | >= 5.35 |
| random | >= 3.4 |
- resource.aws_efs_access_point.main (main.tf#48)
- resource.aws_efs_file_system.main (main.tf#3)
- resource.aws_efs_file_system_policy.main (main.tf#41)
- resource.aws_efs_mount_target.main (main.tf#32)
- resource.random_uuid.main (main.tf#1)
- data source.aws_iam_policy_document.main (data.tf#1)
module "basic-example" {
source = "../../"
name = var.storage_name
private_subnets = var.private_subnets
security_groups = var.security_groups
}module "with-enhanced-backups" {
source = "../../"
name = "efs1"
private_subnets = ["subnet-12345678", "subnet-12345678"]
security_groups = ["sg-12345678"]
enable_enhanced_backups = true
}