CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

efs.mddocs/storage/

EFS - Elastic File System

Amazon EFS provides scalable file storage for use with EC2 instances.

Common Tasks

Create an encrypted file system

import * as aws from "@pulumi/aws";

const fs = new aws.efs.FileSystem("shared-fs", {
    encrypted: true,
    performanceMode: "generalPurpose",
    throughputMode: "bursting",
    tags: { Name: "shared-storage" },
});

Mount EFS in multiple subnets

import * as aws from "@pulumi/aws";

const mountTargets = subnets.map((subnet, i) =>
    new aws.efs.MountTarget(`mount-${i}`, {
        fileSystemId: fs.id,
        subnetId: subnet.id,
        securityGroups: [sg.id],
    })
);

Create provisioned throughput file system

import * as aws from "@pulumi/aws";

const fs = new aws.efs.FileSystem("high-throughput-fs", {
    encrypted: true,
    performanceMode: "maxIO",
    throughputMode: "provisioned",
    provisionedThroughputInMibps: 100,
    tags: { Name: "high-performance" },
});

Core Resources

FileSystem

class FileSystem extends pulumi.CustomResource {
    constructor(name: string, args?: FileSystemArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
    readonly id: pulumi.Output<string>;
}

interface FileSystemArgs {
    encrypted?: pulumi.Input<boolean>;
    kmsKeyId?: pulumi.Input<string>;
    performanceMode?: pulumi.Input<"generalPurpose" | "maxIO">;
    throughputMode?: pulumi.Input<"bursting" | "provisioned">;
    provisionedThroughputInMibps?: pulumi.Input<number>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

Example: Create encrypted file system with custom KMS key

const fs = new aws.efs.FileSystem("secure-fs", {
    encrypted: true,
    kmsKeyId: kmsKey.id,
    performanceMode: "generalPurpose",
    throughputMode: "bursting",
    tags: {
        Name: "secure-shared-storage",
        Environment: "production",
        Compliance: "HIPAA"
    },
});

Example: High-performance file system

const hpc = new aws.efs.FileSystem("hpc-storage", {
    encrypted: true,
    performanceMode: "maxIO", // For high concurrent operations
    throughputMode: "provisioned",
    provisionedThroughputInMibps: 256, // Dedicated throughput
    tags: {
        Name: "hpc-shared-storage",
        Workload: "high-performance-computing"
    },
});

MountTarget

class MountTarget extends pulumi.CustomResource {
    constructor(name: string, args: MountTargetArgs, opts?: pulumi.CustomResourceOptions);
}

interface MountTargetArgs {
    fileSystemId: pulumi.Input<string>;
    subnetId: pulumi.Input<string>;
    securityGroups?: pulumi.Input<pulumi.Input<string>[]>;
}

Example: Multi-AZ mount targets

// Create mount target in each availability zone
const privateSubnets = [subnet1, subnet2, subnet3];

const mountTargets = privateSubnets.map((subnet, index) =>
    new aws.efs.MountTarget(`mount-target-${index}`, {
        fileSystemId: fs.id,
        subnetId: subnet.id,
        securityGroups: [efsSecurityGroup.id],
    })
);

Example: Mount target with security group

// Security group for EFS access
const efsSg = new aws.ec2.SecurityGroup("efs-sg", {
    vpcId: vpc.id,
    ingress: [{
        protocol: "tcp",
        fromPort: 2049, // NFS port
        toPort: 2049,
        cidrBlocks: [vpc.cidrBlock],
    }],
    tags: { Name: "efs-mount-sg" },
});

// Create mount target
const mount = new aws.efs.MountTarget("mount-target", {
    fileSystemId: fs.id,
    subnetId: privateSubnet.id,
    securityGroups: [efsSg.id],
});

Performance Modes

  • generalPurpose - Ideal for latency-sensitive use cases (default)
  • maxIO - Higher throughput and operations per second for highly parallel workloads

Throughput Modes

  • bursting - Throughput scales with file system size (default)
  • provisioned - Dedicated throughput independent of size

Best Practices

  • Enable encryption at rest for sensitive data
  • Create mount targets in multiple AZs for high availability
  • Use security groups to control NFS access (port 2049)
  • Choose performance mode based on workload (general purpose vs max I/O)
  • Use provisioned throughput for consistent high-performance needs
  • Tag file systems for cost allocation and management

Related Services

  • EC2 - Mount EFS on EC2 instances for shared file access
  • ECS/EKS - Use EFS for persistent container storage
  • Lambda - Access shared file system from Lambda functions
  • Backup - Automate EFS backups with AWS Backup
  • DataSync - Migrate data to/from EFS
  • KMS - Encrypt EFS with custom encryption keys

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws

docs

storage

backup.md

ebs.md

efs.md

fsx.md

glacier.md

overview.md

s3.md

index.md

quickstart.md

README.md

tile.json