EFS

Elastic File System: a fully managed file system


Overview

Benefits

  • Scalability: automatically grows and shrinks as we add and remove files.

    • Can support over 10GB/sec, >500,000 IOPS

  • Reliability:

    • SLA ~ 11 9s durability, the same number of 9s as S3.

    • Every EFS object is redundantly stored across multiple AZs.

    • Quickly detects and repairs any lost redundancy.

  • Integrates well with thousands of EC2 instances. EC2 instances can use EFS for parallel shared access.

  • Access data across AZs

Features

EFS Mount point

A mount point in AWS Elastic File System (EFS) connects the EFS file system to EC2 instances or on-premises servers, allowing file system interaction. It uses the NFSv4 protocol for secure and seamless file operations.

Key Steps:

  1. Create Mount Target: Set up a mount target in each Availability Zone where EC2 instances need EFS access.

  2. Security Groups: Assign security groups to mount targets to control access, allowing NFS connections from EC2 instances.

  3. Mounting: Use the mount command with the EFS DNS name on EC2 instances. For persistent access, add the mount command to the /etc/fstab file.

  4. Performance: Consider mount options and network performance between EC2 instances and EFS mount targets to optimize file operations.

Correctly configured mount points enable the use of EFS’s scalable and durable shared file storage.

  • Provides a serverless, set-and-forget elastic NFSv4 (Network File System) file system service.

    • Traditional hierarchical directory structure

    • Traditional file permissions

    • File locking

  • To reduce cost, consider using:

    • EFS-IA

    • EFS One Zone-IA

Application specific directory & permission

  • Use EFS access points to restrict access to the file system or to a specific directory.

  • Use an AWS IAM policy to ensure that a specific app can access only a specific EFS access point.

Storage classes

There are 4 storage classes in EFS:

  1. Standard storage class: for frequently accessed files.

  2. EFS IA (Infrequent Access) storage class

  3. EFS One Zone

  4. EFS One Zone-IA

  • Lower-cost storage class.

  • Turn on EFS Lifecycle management to use this storage class.

    • When files have not been accessed for a period of time, they move to the IA storage class.

    • Use a Lifecycle policy to define that period (1, 7, 14, 30, 60, 90 days). Maximum is 90 days.

Performance modes

|            | General purpose | Max I/O |
|------------|-----------------|---------|
| Latency    | Lowest          | -       |
| Throughput | -               | Higher  |

Throughput modes

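|            | Bursting                              | Provisioned                     |
|------------|---------------------------------------|---------------------------------|
| Throughput | Scales dynamically depending on size  | Higher dedicated throughput     |
| Config     | Cannot                                | Can be configured independently |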

Containers and serverless file storage

  • Serverless architectures do not have a server (no EBS), so they need a shared storage service to handle IOPS-heavy or latency-sensitive workloads.

  • Allows container and serverless services such as ECS, EKS, Fargate and Lambda to handle stateful workloads.

Security

Encryption

  • Data at rest is encrypted using keys managed by KMS.

  • Data in transit is protected using Transport Layer Security (TLS).
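
The access point restriction and the in-transit encryption described above can both be checked in an EFS file system policy. The following is an added example, not part of the original notes: it audits a policy document for an `elasticfilesystem:AccessPointArn` condition on client access and a Deny on `aws:SecureTransport` = false. The sample policies, account ID, role name and access point ID are constructed placeholders, and the check assumes the controls live in the file system's resource policy rather than in identity policies.

```python
import json

# Constructed sample file system policy; account ID, role and access point ID are placeholders.
AP_ARN = "arn:aws:elasticfilesystem:us-east-1:111122223333:access-point/fsap-EXAMPLE"
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app-role"},
     "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
     "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": AP_ARN}}},
    {"Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})
# Constructed weak variant: the role gets every EFS action, no access point, no TLS rule.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app-role"},
     "Action": "elasticfilesystem:*"},
]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _has_condition(stmt, operators, key):
    """True if the statement carries `key` under one of the given condition operators."""
    cond = stmt.get("Condition", {})
    return any(key.lower() in (k.lower() for k in cond.get(op, {})) for op in operators)

def audit_efs_policy(policy_json):
    """Return findings for the two controls; an empty list means both are present."""
    findings, tls_enforced = [], False
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Deny":
            flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
            if str(flag).lower() == "false" and ("*" in actions or "elasticfilesystem:*" in actions):
                tls_enforced = True
        elif stmt.get("Effect") == "Allow":
            grants_client = any(a in ("*", "elasticfilesystem:*") or
                                a.startswith("elasticfilesystem:client") for a in actions)
            if grants_client and not _has_condition(
                    stmt, ("StringEquals", "ArnEquals"), "elasticfilesystem:AccessPointArn"):
                findings.append(f"statement {i}: client access not tied to an access point")
    if not tls_enforced:
        findings.append("no Deny on aws:SecureTransport=false: unencrypted mounts are not blocked")
    return findings

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_efs_policy(policy))
```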

Trivia

  • Amazon EFS is NOT supported on Windows instances. Only for Linux (POSIX). Amazon FSx is a specific service used for Windows File Server.

    • FSx --> shared Windows file system (SMB)

    • EFS --> Linux NFS
