Replication configuration - Amazon Elastic File System
Replicating to a new file systemReplicating to an existing file systemPermissions requiredCostsPerformanceMounting a destination file systemFile system failover and failback
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Replication configuration

When you create the replication configuration for your file system, you choose the Amazon Web Services Region in which to create the replication and whether to replicate to a new or existing destination file system.

Note

A file system can be part of only one replication configuration. You cannot use a destination file system as the source file system in another replication configuration.

Replicating to a new file system

Amazon EFS automatically creates a new file system and copies the data and metadata on the source file system to a new read-only destination file system in the Amazon Web Services Region that you choose. The destination file system is created with the following properties:

  • File system type – The file system type determines the availability and durability with which the Amazon EFS file system stores data within an Amazon Web Services Region.

    • Choose Regional to create a file system that stores data and metadata redundantly across all Availability Zones within the Amazon Web Services Region.

    • Choose One Zone to create a file system that stores data and metadata redundantly within a single Availability Zone.

    For more information about file system types, see EFS file system types.

  • Encryption – All destination file systems are created with encryption at rest enabled. You can specify the Amazon Key Management Service (Amazon KMS) key that is used to encrypt the destination file system. If you don't specify a KMS key, your service-managed KMS key for Amazon EFS is used.

    Important

    After the destination file system is created, you cannot change the KMS key.

  • Automatic backups – For destination file systems using One Zone storage, automatic backups are enabled by default. After the file system is created, you can change the automatic backup setting. For more information, see Automatic backups

  • performance mode – The destination file system'sperformance mode matches that of the source file system, unless the destination file system uses One Zone storage. In that case, the General Purpose performance mode is used. The performance mode cannot be changed.

  • throughput mode – The destination file system's throughput mode matches that of the source file system. After the file system is created, you can modify the mode.

    If the source file system's throughput mode is Provisioned, then the destination file system's provisioned throughput amount matches that of the source file system, unless the source file's provisioned amount exceeds the limit for the destination file system's Region. If the source file system's provisioned amount exceeds the Region limit for the destination file system, then the destination file system's provisioned throughput amount is the Region limit. For more information, see Amazon EFS quotas that you can increase.

  • lifecycle management – lifecycle management is not enabled on the destination file system. After the destination file system is created, you can enable it. For more information, see Managing file system storage.

Replicating to an existing file system

EFS replicates the data and metadata on the source file system to the destination file system and Amazon Web Services Region that you choose. During replication, EFS identifies data differences between the file systems and applies the differences to the destination file system.

When replicating to an existing file system, the following requirements apply.

  • The destination file system's replication overwrite protection must be disabled. Replication overwrite protection prevents the file system from being used as the destination in a replication configuration. For more information about disabling the protection, see File system protection.

    Disabling replication overwrite protection requires permissions for the elasticfilesystem:UpdateFileSystemProtection action. For more information, see Amazon managed policy: AmazonElasticFileSystemFullAccess.

  • If the source file system is encrypted, then the destination file system must also be encrypted. Additionally, if the source file is unencrypted and the destination file system is encrypted, then you cannot fail back to the source destination after performing failover. For more information about encryption, see Data encryption in Amazon EFS.

Permissions required

Amazon EFS uses the EFS service-linked role named AWSServiceRoleForAmazonElasticFileSystem to synchronize the state of the replication between the source and destination file systems. In order to use EFS replication, you must configure the following permissions to allow an IAM entity (such as a user, group, or role) to create a service linked role, a replication configuration, and a file system.

  • elasticfilesystem:CreateReplicationConfiguration*

  • elasticfilesystem:DeleteReplicationConfiguration*

  • elasticfilesystem:DescribeFileSystem

  • elasticfilesystem:DescribeReplicationConfigurations*

  • elasticfilesystem:CreateFileSystem*

  • iam:CreateServiceLinkedRole – see the example in Using service-linked roles for Amazon EFS.

Note

* You can use the AmazonElasticFileSystemFullAccess managed policy instead to automatically get all required EFS permissions. For more information, see Amazon managed policy: AmazonElasticFileSystemFullAccess.

Costs

In order to facilitate replication, Amazon EFS creates hidden directories and metadata on the destination file system. These equate to approximately 12 MiB of metered data for which you are billed. For more information about metering file system storage, see Metering: How Amazon EFS reports file system and object sizes.

Performance

When you create new replications or reverse the direction of existing replications during the failback process, Amazon EFS performs an initial sync, which includes a series of one-time setup actions to support the replication. The amount of time that the initial sync takes to finish depends on factors such as the size of the source file system and the number of files in it.

After the initial replication is finished, Amazon EFS maintains a Recovery Point Objective (RPO) of 15 minutes for most file systems. However, if the source file system has files that change very frequently and has either more than 100 million files or files that are larger than 100 GB, replication may take longer than 15 minutes. For information about monitoring when the last replication successfully finished, see Monitoring replication status.

You can monitor when the last successful sync occurred using the console, the Amazon Command Line Interface (Amazon CLI), the API, and Amazon CloudWatch. In CloudWatch, use the TimeSinceLastSync EFS metric. For more information, see Monitoring replication status.

Mounting a destination file system

Amazon EFS does not create any mount targets when it creates the destination file system. To mount a destination file system, you must create one or more mount targets. For more information, see Using the EFS mount helper to mount EFS file systems

Because a destination file system is read-only while it is a member of a replication configuration, any write operations to it will fail. However, you can use the destination file system for read-only use-cases, including testing and development.

File system failover and failback

In the event of a disaster or when performing gameday exercises, you can fail over to your replica file system by deleting its replication configuration. After the replication configuration is deleted, the replica becomes writeable and you can start using it in your application workflow. When the disaster is mitigated or the gameday exercise is over, you can continue using the replica as the primary file system or you can perform a failback to resume operations on your original primary file system.

During the failback process, you can choose to discard the changes made to your replica file system or preserve them by copying them back to your primary.

  • To discard the changes made to your replica during failover, re-create the original replication configuration on your primary file system, where the replica file system is the replication destination. During replication, Amazon EFS synchronizes the file systems by updating your replica file system's data to match that of your primary.

  • To replicate the changes made to your replica during failover, create a replication configuration on the replica file system, where the primary file system is the replication destination. During replication, Amazon EFS identifies and transfers the differences from your replica file system back to the primary file system. Once the replication is complete, you can resume replicating the primary file system by re-creating the original replication configuration or creating a new configuration.

The amount of time it takes for Amazon EFS to complete the replication process varies and depends on factors such as the size of the file system and the number of files in it. For more information, see Performance.