PutFileSystemPolicy - Amazon Elastic File System



Applies an Amazon EFS FileSystemPolicy to an Amazon EFS file system. A file system policy is an IAM resource-based policy and can contain multiple policy statements. A file system always has exactly one file system policy, which can be the default policy or an explicit policy set or updated using this API operation. EFS file system policies have a 20,000 character limit. When an explicit policy is set, it overrides the default policy. For more information about the default file system policy, see Default EFS File System Policy.

This operation requires permissions for the elasticfilesystem:PutFileSystemPolicy action.

Request Syntax

PUT /2015-02-01/file-systems/FileSystemId/policy HTTP/1.1
Content-type: application/json

{
   "BypassPolicyLockoutSafetyCheck": boolean,
   "Policy": "string"
}

URI Request Parameters

The request uses the following URI parameters.


FileSystemId

The ID of the EFS file system that you want to create or update the FileSystemPolicy for.

Length Constraints: Maximum length of 128.

Pattern: ^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$

Required: Yes

Request Body

The request accepts the following data in JSON format.


BypassPolicyLockoutSafetyCheck

(Optional) A flag to indicate whether to bypass the FileSystemPolicy lockout safety check. The policy lockout safety check determines whether the policy in the request will lock out the principal making the request from making future PutFileSystemPolicy requests on the file system. Set BypassPolicyLockoutSafetyCheck to True only when you intend to prevent the principal that is making the request from making a subsequent PutFileSystemPolicy request on the file system. The default value is False.

Type: Boolean

Required: No


Policy

The FileSystemPolicy that you're creating. Accepts a JSON formatted policy definition. EFS file system policies have a 20,000 character limit. To find out more about the elements that make up a file system policy, see EFS Resource-based Policies.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20000.

Pattern: [\s\S]+

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "FileSystemId": "string",
   "Policy": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


FileSystemId

Specifies the EFS file system to which the FileSystemPolicy applies.

Type: String

Length Constraints: Maximum length of 128.

Pattern: ^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$


Policy

The JSON formatted FileSystemPolicy for the EFS file system.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20000.

Pattern: [\s\S]+



Returned if the specified FileSystemId value doesn't exist in the requester's AWS account.

HTTP Status Code: 404


Returned if the file system's lifecycle state is not "available".

HTTP Status Code: 409


Returned if an error occurred on the server side.

HTTP Status Code: 500


Returned if the FileSystemPolicy is malformed or contains an error such as an invalid parameter value or a missing required parameter. Also returned in the case of a policy lockout safety check error.

HTTP Status Code: 400


Create an EFS FileSystemPolicy

The following request creates a FileSystemPolicy that allows all AWS principals to mount the specified EFS file system with read and write permissions.

Sample Request

PUT /2015-02-01/file-systems/fs-01234567/policy HTTP/1.1

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite"
            ],
            "Principal": {
                "AWS": ["*"]
            }
        }
    ]
}

Sample Response

{
    "Version": "2012-10-17",
    "Id": "1",
    "Statement": [
        {
            "Sid": "efs-statement-abcdef01-1111-bbbb-2222-111122224444",
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite"
            ],
            "Principal": {
                "AWS": ["*"]
            },
            "Resource": "arn:aws:elasticfilesystem:us-east-1:1111222233334444:file-system/fs-01234567"
        }
    ]
}
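
A pre-flight check that could run before calling PutFileSystemPolicy, as an added example (not part of the AWS documentation). It applies the FileSystemId pattern and the Policy length constraint from this page, and flags Allow statements that, like the sample request above, grant access to every AWS principal without a Condition. The function names, the role ARN and the account ID in it are assumptions made for illustration.

```python
import json
import re

# Constraints taken from this page's parameter reference.
FS_ID_RE = re.compile(
    r"^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}"
    r"|fs-[0-9a-f]{8,40})$")
MAX_POLICY_CHARS = 20000

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} or {"AWS": ["*"]}."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return principal == "*" or "*" in _as_list(aws)

def preflight(file_system_id, policy_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not FS_ID_RE.match(file_system_id):
        findings.append("FileSystemId does not match the documented pattern")
    if not 1 <= len(policy_text) <= MAX_POLICY_CHARS:
        findings.append("Policy length is outside 1..20000 characters")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return findings + [f"Policy is not valid JSON: {exc.msg}"]
    statements = policy.get("Statement", []) if isinstance(policy, dict) else []
    for i, stmt in enumerate(_as_list(statements)):
        if (isinstance(stmt, dict) and stmt.get("Effect") == "Allow"
                and is_wildcard_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append(f"Statement {i}: Allow for any AWS principal, no Condition")
    return findings

ACTIONS = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]

def make_policy(principal):
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ACTIONS, "Principal": {"AWS": principal}}]})

# Constructed inputs: the sample's open policy, and one made-up role as principal.
OPEN_POLICY = make_policy(["*"])
SCOPED_POLICY = make_policy("arn:aws:iam::111122223333:role/efs-client")

if __name__ == "__main__":
    for name, text in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, preflight("fs-01234567", text) or "no findings")
```

An empty result only means none of these checks fired; the service still applies its own validation and the policy lockout safety check when the request is made.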
