AWS::EFS::FileSystem - AWS CloudFormation

AWS::EFS::FileSystem

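The AWS::EFS::FileSystem resource creates a new, empty file system in Amazon Elastic File System (Amazon EFS). You must create a mount target (AWS::EFS::MountTarget) to mount your EFS file system on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another compute resource.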

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EFS::FileSystem",
  "Properties" : {
      "BackupPolicy" : BackupPolicy,
      "Encrypted" : Boolean,
      "FileSystemPolicy" : Json,
      "FileSystemTags" : [ ElasticFileSystemTag, ... ],
      "KmsKeyId" : String,
      "LifecyclePolicies" : [ LifecyclePolicy, ... ],
      "PerformanceMode" : String,
      "ProvisionedThroughputInMibps" : Double,
      "ThroughputMode" : String
    }
}

Properties

BackupPolicy

Use the BackupPolicy to turn automatic backups on or off for the file system.

Required: No

Type: BackupPolicy

Update requires: No interruption

Encrypted

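A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing AWS Key Management Service (AWS KMS) customer master key (CMK). If you don't specify a CMK, then the default CMK for Amazon EFS, /aws/elasticfilesystem, is used to protect the encrypted file system.

Required: Conditional

Type: Boolean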

Update requires: Replacement

FileSystemPolicy

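The FileSystemPolicy for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see Using IAM to control NFS access to Amazon EFS in the Amazon EFS User Guide.

Required: No

Type: Json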

Update requires: No interruption
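
The following added example (not part of the AWS documentation) shows one way to review a FileSystemPolicy before deployment: it reports which NFS client actions each principal is allowed and flags over-broad grants. The function and variable names are hypothetical; ClientWrite and ClientRootAccess are the other two EFS client actions besides the ClientMount action used on this page, and BROAD_POLICY is constructed for contrast.

```python
import json
from fnmatch import fnmatchcase

# NFS client actions a file system policy can grant. ClientMount is the one
# used on this page; ClientWrite and ClientRootAccess are the other two.
CLIENT_ACTIONS = ("elasticfilesystem:ClientMount",
                  "elasticfilesystem:ClientWrite",
                  "elasticfilesystem:ClientRootAccess")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (grants, findings) for the Allow statements of a FileSystemPolicy."""
    grants, findings = {}, []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not modelled here
        principal = stmt.get("Principal", {})
        who = principal.get("AWS", []) if isinstance(principal, dict) else principal
        # IAM action names are case-insensitive and may contain * wildcards.
        granted = {a for a in CLIENT_ACTIONS
                   for pat in _as_list(stmt.get("Action", []))
                   if isinstance(pat, str) and fnmatchcase(a.lower(), pat.lower())}
        for p in _as_list(who):
            # Template intrinsics (Ref, Fn::Join) are kept as their JSON text.
            name = p if isinstance(p, str) else json.dumps(p, sort_keys=True)
            grants.setdefault(name, set()).update(granted)
            if name == "*" and granted and "Condition" not in stmt:
                findings.append(f"statement {n}: wildcard principal, no Condition")
        if "elasticfilesystem:ClientRootAccess" in granted:
            findings.append(f"statement {n}: grants ClientRootAccess")
    return grants, findings

# The FileSystemPolicy from this page's example template.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["elasticfilesystem:ClientMount"],
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
# Constructed over-broad policy for contrast (not from the page).
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "elasticfilesystem:Client*"}]}

if __name__ == "__main__":
    for label, pol in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(label, audit_policy(pol))
```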

FileSystemTags

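A value that specifies one or more tags to create and associate with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a "Key":"Name","Value":"{value}" key-value pair.

Required: No

Type: List of ElasticFileSystemTag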

Update requires: No interruption

KmsKeyId

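The ID of the AWS KMS customer master key (CMK) used to protect the encrypted file system. This parameter is required only if you want to use a non-default CMK. If this parameter is not specified, the default CMK for Amazon EFS is used. This ID can be in one of the following formats:

  • Key ID - A unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab

  • ARN - An Amazon Resource Name (ARN) for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

  • Key alias - A previously created display name for a key, for example alias/projectKey1

  • Key alias ARN - An ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1

If KmsKeyId is specified, the Encrypted parameter must be set to true.

Required: No

Type: String

Maximum: 2048

Pattern: ^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|alias/[a-zA-Z0-9/_-]+|(arn:aws[-a-z]*:kms:[a-z0-9-]+:\d{12}:((key/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(alias/[a-zA-Z0-9/_-]+))))$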

Update requires: Replacement

LifecyclePolicies

A list of policies used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.

Required: No

Type: List of LifecyclePolicy

Update requires: No interruption

PerformanceMode

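The performance mode of the file system. We recommend generalPurpose performance mode for most file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second, at the cost of higher latency for most file operations. The performance mode can't be changed after the file system has been created.

Required: No

Type: String

Allowed values: generalPurpose | maxIO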

Update requires: Replacement

ProvisionedThroughputInMibps

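The throughput, measured in MiB/s, that you want to provision for the file system that you're creating. Valid values are 1-1024. Required if ThroughputMode is set to provisioned. The upper limit for throughput is 1024 MiB/s. You can contact AWS Support to have this limit increased. For more information, see Amazon EFS limits that you can increase in the Amazon EFS User Guide.

Required: Conditional

Type: Double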

Update requires: No interruption

ThroughputMode

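The throughput mode for the file system to be created. There are two throughput modes to choose from for your file system: bursting and provisioned. If you set ThroughputMode to provisioned, you must also set a value for ProvisionedThroughputInMibps. You can decrease your file system's throughput in provisioned throughput mode, or change between the throughput modes, as long as it has been more than 24 hours since the last decrease or throughput mode change. For more information, see Specifying throughput with provisioned mode in the Amazon EFS User Guide.

Required: No

Type: String

Allowed values: bursting | provisioned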

Update requires: No interruption
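
The following added example (not part of the AWS documentation) applies the constraints stated in the property descriptions above to the Properties of an AWS::EFS::FileSystem resource before deployment: the Encrypted and KmsKeyId dependency, the KmsKeyId pattern and length limit, the allowed mode values, and the provisioned throughput range. The function name and both sample inputs are hypothetical and constructed for illustration.

```python
import re

# Pattern, length limit and allowed values copied from the property reference above.
KMS_KEY_ID = re.compile(
    r"^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
    r"|alias/[a-zA-Z0-9/_-]+"
    r"|(arn:aws[-a-z]*:kms:[a-z0-9-]+:\d{12}:"
    r"((key/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"
    r"|(alias/[a-zA-Z0-9/_-]+))))$"
)

def lint_file_system(props):
    """Return a list of findings for one AWS::EFS::FileSystem Properties dict."""
    findings = []
    encrypted = props.get("Encrypted")
    key = props.get("KmsKeyId")
    if encrypted is not True:
        findings.append("Encrypted is not true: the file system is created unencrypted")
    if key is not None and encrypted is not True:
        findings.append("KmsKeyId is set but Encrypted is not true")
    # Intrinsic functions (Ref, Fn::GetAtt) are dicts that resolve at deploy
    # time, so only literal strings are checked against the pattern.
    if isinstance(key, str) and (len(key) > 2048 or not KMS_KEY_ID.match(key)):
        findings.append("KmsKeyId does not match the documented pattern")
    mode = props.get("PerformanceMode")
    if mode is not None and mode not in ("generalPurpose", "maxIO"):
        findings.append(f"PerformanceMode {mode!r} is not an allowed value")
    tmode = props.get("ThroughputMode")
    mibps = props.get("ProvisionedThroughputInMibps")
    if tmode is not None and tmode not in ("bursting", "provisioned"):
        findings.append(f"ThroughputMode {tmode!r} is not an allowed value")
    elif tmode == "provisioned":
        if not isinstance(mibps, (int, float)) or not 1 <= mibps <= 1024:
            findings.append("provisioned mode needs ProvisionedThroughputInMibps in 1-1024")
    return findings

# Constructed sample inputs (not from the page).
WEAK = {"KmsKeyId": "alias/projectKey1", "ThroughputMode": "provisioned"}
GOOD = {"Encrypted": True, "KmsKeyId": {"Fn::GetAtt": ["key", "Arn"]},
        "PerformanceMode": "maxIO"}

if __name__ == "__main__":
    for name, props in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, lint_file_system(props) or "no findings")
```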

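Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource ID. For example:

{"Ref":"fs-12345678"}

For the Amazon EFS file system fs-12345678, Ref returns the file system ID.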

For more information about using the Ref function, see Ref.

Fn::GetAtt

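The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.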

Arn

Not currently supported by AWS CloudFormation.

FileSystemId

The ID of the EFS file system. For example: fs-0123456

Examples

Create an encrypted file system

The following example declares an encrypted Amazon EFS file system.

JSON

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MountTargetVPC": {
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "CidrBlock": "172.31.0.0/16"
            }
        },
        "MountTargetSubnetOne": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.31.1.0/24",
                "VpcId": { "Ref": "MountTargetVPC" },
                "AvailabilityZone": "us-east-1a"
            }
        },
        "MountTargetSubnetTwo": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.31.2.0/24",
                "VpcId": { "Ref": "MountTargetVPC" },
                "AvailabilityZone": "us-east-1b"
            }
        },
        "MountTargetSubnetThree": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "CidrBlock": "172.31.3.0/24",
                "VpcId": { "Ref": "MountTargetVPC" },
                "AvailabilityZone": "us-east-1c"
            }
        },
        "FileSystemResource": {
            "Type": "AWS::EFS::FileSystem",
            "Properties": {
                "PerformanceMode": "maxIO",
                "LifecyclePolicies": [
                    { "TransitionToIA": "AFTER_30_DAYS" }
                ],
                "Encrypted": true,
                "FileSystemTags": [
                    { "Key": "Name", "Value": "TestFileSystem" }
                ],
                "FileSystemPolicy": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [ "elasticfilesystem:ClientMount" ],
                            "Principal": { "AWS": "arn:aws:iam::111122223333:root" }
                        }
                    ]
                },
                "BackupPolicy": { "Status": "ENABLED" },
                "KmsKeyId": { "Fn::GetAtt": [ "key", "Arn" ] }
            }
        },
        "key": {
            "Type": "AWS::KMS::Key",
            "Properties": {
                "KeyPolicy": {
                    "Version": "2012-10-17",
                    "Id": "key-default-1",
                    "Statement": [
                        {
                            "Sid": "Allow administration of the key",
                            "Effect": "Allow",
                            "Principal": {
                                "AWS": {
                                    "Fn::Join": [ "", [ "arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":root" ] ]
                                }
                            },
                            "Action": [ "kms:*" ],
                            "Resource": "*"
                        }
                    ]
                }
            }
        },
        "MountTargetResource1": {
            "Type": "AWS::EFS::MountTarget",
            "Properties": {
                "FileSystemId": { "Ref": "FileSystemResource" },
                "SubnetId": { "Ref": "MountTargetSubnetOne" },
                "SecurityGroups": [
                    { "Fn::GetAtt": [ "MountTargetVPC", "DefaultSecurityGroup" ] }
                ]
            }
        },
        "MountTargetResource2": {
            "Type": "AWS::EFS::MountTarget",
            "Properties": {
                "FileSystemId": { "Ref": "FileSystemResource" },
                "SubnetId": { "Ref": "MountTargetSubnetTwo" },
                "SecurityGroups": [
                    { "Fn::GetAtt": [ "MountTargetVPC", "DefaultSecurityGroup" ] }
                ]
            }
        },
        "MountTargetResource3": {
            "Type": "AWS::EFS::MountTarget",
            "Properties": {
                "FileSystemId": { "Ref": "FileSystemResource" },
                "SubnetId": { "Ref": "MountTargetSubnetThree" },
                "SecurityGroups": [
                    { "Fn::GetAtt": [ "MountTargetVPC", "DefaultSecurityGroup" ] }
                ]
            }
        },
        "AccessPointResource": {
            "Type": "AWS::EFS::AccessPoint",
            "Properties": {
                "FileSystemId": { "Ref": "FileSystemResource" },
                "PosixUser": {
                    "Uid": "13234",
                    "Gid": "1322",
                    "SecondaryGids": [ "1344", "1452" ]
                },
                "RootDirectory": {
                    "CreationInfo": {
                        "OwnerGid": "708798",
                        "OwnerUid": "7987987",
                        "Permissions": "0755"
                    },
                    "Path": "/testcfn/abc"
                }
            }
        }
    }
}

YAML

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MountTargetVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.31.0.0/16
  # Each mount target must be in a different Availability Zone, so the three
  # subnets use three zones.
  MountTargetSubnetOne:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.1.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: "us-east-1a"
  MountTargetSubnetTwo:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.2.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: "us-east-1b"
  MountTargetSubnetThree:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.3.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: "us-east-1c"
  FileSystemResource:
    Type: 'AWS::EFS::FileSystem'
    Properties:
      BackupPolicy:
        Status: ENABLED
      PerformanceMode: maxIO
      Encrypted: true
      LifecyclePolicies:
        - TransitionToIA: AFTER_30_DAYS
      FileSystemTags:
        - Key: Name
          Value: TestFileSystem
      # Allows the named account to mount the file system (ClientMount only).
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "elasticfilesystem:ClientMount"
            Principal:
              AWS: 'arn:aws:iam::111122223333:root'
      KmsKeyId: !GetAtt
        - key
        - Arn
  key:
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Version: "2012-10-17"
        Id: key-default-1
        Statement:
          - Sid: Allow administration of the key
            Effect: Allow
            Principal:
              AWS: !Join
                - ''
                - - 'arn:aws:iam::'
                  - !Ref 'AWS::AccountId'
                  - ':root'
            Action:
              - 'kms:*'
            Resource: '*'
  MountTargetResource1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetOne
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  MountTargetResource2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetTwo
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  MountTargetResource3:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetThree
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  AccessPointResource:
    Type: 'AWS::EFS::AccessPoint'
    Properties:
      FileSystemId: !Ref FileSystemResource
      PosixUser:
        Uid: "13234"
        Gid: "1322"
        SecondaryGids:
          - "1344"
          - "1452"
      RootDirectory:
        CreationInfo:
          OwnerGid: "708798"
          OwnerUid: "7987987"
          Permissions: "0755"
        Path: "/testcfn/abc"
