EFS
Last updated
Was this helpful?
Last updated
Was this helpful?
Introduction
Elastic File System (EFS) is a file storage service for EC2. Connecting to EFS is similar to connecting to your network drive.
EFS is within your VPC. Create each ENI (mount target) per AZ.
The capacity is elastic, can grow / shrink automatically.
3x expensive than EBS, 20x expensive than S3.
Feature
Compatible for Linux, POSIX-compliant.
Supports the Network File System version 4 (NFSv4) protocol
Scaling:
1000s of concurrent NFS connections, 10 GB +/s throughput
Grow to Petabyte-scale
Performance mode (According to how data is consumed. Set at EFS creation time):
General purpose (default): latency-sensitive use cases
Max I/O: higher latency / throughput, parallel processing (big data, media processing)
Throughput mode (To determine the Bandwidth):
Bursting mode (scales as the size grows): common for file systems
Provisioned IO mode: high throughput to storage ratio (if burst is not enough, more expensive)
Storage tiers (lifecycle management: move file after N days)
Standard: for frequently accessed file
Infrequent access: higher cost to retrieve the file, lower price point to store the file.
Use 2 Security Groups for EFS / EC2 communications.
Create an inbound / outbound rule to allow the NFS port (TCP:2049) for the EFS mount target / EC2.
Encryption at rest with KMS.
Encryption at rest has to be enabled when the file system is created.
Encryption in transit
Enable TLS when mounting the EFS by adding the -o tls option such as: sudo mount -t efs -o tls fs-12345678:/ /mnt/efs.
Read after write consistency
Working with on-prem servers, better to have a Direct Connect for security and high performance
Otherwise, suggest to use Amazon to connect EFS and on-prem servers.
Scenario
VPC Peering & EFS on-premise
Setup VPC peering for another VPC to access the EFS.
Setup Direct Connect / site-to-site VPN that supports IPSec for on-premise server to access the EFS by IPv4 (not DNS).