Component: efs

This component is responsible for provisioning an EFS Network File System with KMS encryption-at-rest. EFS is an excellent choice as the default block storage for EKS clusters so that volumes are not zone-locked.

Usage

Stack Level: Regional

Here's an example snippet for how to use this component.

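components:
  terraform:
    efs:
      vars:
        name: shared-files
        dns_name: shared-files
        # provisioned_throughput_in_mibps only applies when throughput_mode is "provisioned"
        throughput_mode: provisioned
        provisioned_throughput_in_mibps: 10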
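
A post-apply check for the settings this component controls, as an added example that is not part of the component's own code: it reads JSON in the shape returned by `aws efs describe-file-systems` and reports file systems that are not KMS-encrypted at rest or whose throughput and performance settings differ from the stack vars. The sample document, its IDs and the `EXPECTED` dict are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws efs describe-file-systems` output; all IDs are placeholders.
SAMPLE = json.loads("""
{"FileSystems": [
  {"FileSystemId": "fs-0example0000000a", "Name": "shared-files", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-west-2:111111111111:key/00000000-0000-0000-0000-000000000000",
   "PerformanceMode": "generalPurpose", "ThroughputMode": "provisioned",
   "ProvisionedThroughputInMibps": 10.0},
  {"FileSystemId": "fs-0example0000000b", "Encrypted": false,
   "PerformanceMode": "generalPurpose", "ThroughputMode": "bursting"}
]}
""")

# Hypothetical expectations, named after the component's inputs.
EXPECTED = {"throughput_mode": "provisioned",
            "provisioned_throughput_in_mibps": 10,
            "performance_mode": "generalPurpose",
            "kms_key_arn": None}  # set to a key ARN to pin one specific key


def audit_file_system(fs, expected):
    """Return findings for one FileSystems entry; an empty list means it matches."""
    findings = []
    if not fs.get("Encrypted"):
        findings.append("not encrypted at rest")
    elif not fs.get("KmsKeyId"):
        findings.append("encrypted but no KmsKeyId reported")
    elif expected.get("kms_key_arn") and fs["KmsKeyId"] != expected["kms_key_arn"]:
        findings.append("encrypted with an unexpected KMS key")
    mode = expected.get("throughput_mode", "bursting")
    if fs.get("ThroughputMode") != mode:
        findings.append(f"throughput mode is {fs.get('ThroughputMode')}, expected {mode}")
    elif mode == "provisioned":
        want = float(expected.get("provisioned_throughput_in_mibps", 0))
        got = fs.get("ProvisionedThroughputInMibps")
        if got is None or float(got) != want:
            findings.append(f"provisioned throughput is {got}, expected {want}")
    perf = expected.get("performance_mode", "generalPurpose")
    if fs.get("PerformanceMode") != perf:
        findings.append(f"performance mode is {fs.get('PerformanceMode')}, expected {perf}")
    return findings


def audit(document, expected):
    """Map each FileSystemId in the CLI JSON document to its list of findings."""
    return {fs["FileSystemId"]: audit_file_system(fs, expected)
            for fs in document.get("FileSystems", [])}
```

In practice, feed `audit` the parsed output of `aws efs describe-file-systems` for the account and region the stack deploys to.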

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.0 |
| local | >= 1.3 |
| template | >= 2.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| dns_delegated | cloudposse/stack-config/yaml//modules/remote-state | 0.17.0 |
| efs | git::https://github.com/cloudposse/terraform-aws-efs.git | tags/0.21.0 |
| eks | cloudposse/stack-config/yaml//modules/remote-state | 0.17.0 |
| iam_roles | ../account-map/modules/iam-roles | n/a |
| kms_key_efs | git::https://github.com/cloudposse/terraform-aws-kms-key.git | tags/0.7.0 |
| this | cloudposse/label/null | 0.24.1 |
| vpc | cloudposse/stack-config/yaml//modules/remote-state | 0.17.0 |

Resources

| Name | Type |
|------|------|
| aws_caller_identity.current | data source |
| aws_iam_policy_document.kms_key_efs | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to `tags`. | `map(string)` | `{}` | no |
| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
| context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as `null` to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. | `any` | `{"additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}}` | no |
| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
| dns_name | Name of the CNAME record to create | `string` | n/a | yes |
| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
| id_length_limit | Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for default, which is `0`. Does not affect `id_full`. | `number` | `null` | no |
| import_role_arn | IAM Role ARN to use when importing a resource | `string` | `null` | no |
| label_key_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`. Possible values: `lower`, `title`, `upper`. Default value: `title`. | `string` | `null` | no |
| label_order | The naming order of the id output and Name tag. Defaults to `["namespace", "environment", "stage", "name", "attributes"]`. You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
| label_value_case | The letter case of output label values (also used in `tags` and `id`). Possible values: `lower`, `title`, `upper` and `none` (no transformation). Default value: `lower`. | `string` | `null` | no |
| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
| performance_mode | The file system performance mode. Can be either `generalPurpose` or `maxIO` | `string` | `"generalPurpose"` | no |
| provisioned_throughput_in_mibps | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned` | `number` | `0` | no |
| regex_replace_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
| region | AWS Region | `string` | n/a | yes |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no |
| tfstate_account_id | The ID of the account where the Terraform remote state backend is provisioned | `string` | `""` | no |
| tfstate_assume_role | Set to false to use the caller's role to access the Terraform remote state | `bool` | `true` | no |
| tfstate_bucket_environment_name | The name of the environment for Terraform state bucket | `string` | `""` | no |
| tfstate_bucket_stage_name | The name of the stage for Terraform state bucket | `string` | `"root"` | no |
| tfstate_existing_role_arn | The ARN of the existing IAM Role to access the Terraform remote state. If not provided and `remote_state_assume_role` is `true`, a role will be constructed from `remote_state_role_arn_template` | `string` | `""` | no |
| tfstate_role_arn_template | IAM Role ARN template for accessing the Terraform remote state | `string` | `"arn:aws:iam::%s:role/%s-%s-%s-%s"` | no |
| tfstate_role_environment_name | The name of the environment for Terraform state IAM role | `string` | `"gbl"` | no |
| tfstate_role_name | IAM Role name for accessing the Terraform remote state | `string` | `"terraform"` | no |
| tfstate_role_stage_name | The name of the stage for Terraform state IAM role | `string` | `"root"` | no |
| throughput_mode | Throughput mode for the file system. Defaults to bursting. Valid values: `bursting`, `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps` | `string` | `"bursting"` | no |
| use_eks_security_group | Use the eks default security group | `bool` | `false` | no |

Outputs

| Name | Description |
|------|-------------|
| efs_arn | EFS ARN |
| efs_dns_name | EFS DNS name |
| efs_host | DNS hostname for the EFS |
| efs_id | EFS ID |
| efs_mount_target_dns_names | List of EFS mount target DNS names |
| efs_mount_target_ids | List of EFS mount target IDs (one per Availability Zone) |
| efs_mount_target_ips | List of EFS mount target IPs (one per Availability Zone) |
| efs_network_interface_ids | List of mount target network interface IDs |
| security_group_arn | EFS Security Group ARN |
| security_group_id | EFS Security Group ID |
| security_group_name | EFS Security Group name |

References