Scenario 1: Create Owned Amazon EFS and Owned Amazon EFS Access Point(s)

This is the most common scenario. The lifecycle of Amazon EFS and Amazon EFS Access Point(s) is owned by a single team. Any changes to the EFS or the EFS Access Point(s) are done by the same team via the same Terraform pipeline.

Prerequisites

  • Terraform backend provider and state locking providers are identified and bootstrapped.
    • A bootstrap module/example is provided that provisions Amazon S3 for Terraform state storage and Amazon DynamoDB for Terraform state locking.
  • The target VPC along with the target Subnets exist and are identified via Tags.
    • A vpc example is provided that provisions VPC, Subnets and related resources with example tagging.
    • The example uses the following tags to identify the target VPC and Subnets:
      "efs/scenario" = "1"
      "Env"          = "DEV"
  • EFS file system does not exist.
  • EFS access point does not exist.
  • EFS mount points do not exist in the target VPC Subnets.
  • EFS Security Group does not exist.

Outcome

  • EFS file system is created.
  • EFS Security Group is created with default rules.
  • EFS mount points are created in the target VPC Subnets.
  • EFS access point is created.
  • Standardized EFS resource policy is created.

Execution

  • cd to the examples/efs/scenario1 folder.
  • Modify the backend "S3" section in provider.tf with the correct values for region, bucket, dynamodb_table, and key.
    • Use the provided values as guidance.
  • Modify terraform.tfvars to your requirements.
    • Use the provided values as guidance.
  • Make sure you are using the correct AWS Profile, one that has permission to provision the target resources.
    • Verify the active identity with aws sts get-caller-identity.
  • Execute terraform init to initialize Terraform.
  • Execute terraform plan and verify the planned changes.
  • Execute terraform apply and approve the changes to provision the resources.

Requirements

Name       Version
terraform  >= v1.1.9
aws        >= 4.13.0

Providers

No providers.

Modules

Name       Source                    Version
owned_efs  ../../../modules/aws/efs  n/a

Resources

No resources.

Inputs

Required inputs (no default):

  • env_name (string): Environment name, e.g. dev, prod.
  • project (string): Project name (prefix/suffix) used in the identification of all the resources.
  • region (string): The AWS Region for the environment, e.g. us-east-1.
  • subnet_tags (map(string)): Tags to discover the target subnets in the VPC; these tags should identify one or more subnets.
  • tags (map(string)): Common and mandatory tags for the resources.
  • vpc_tags (map(string)): Tags to discover the target VPC; these tags should uniquely identify a VPC.

Optional inputs:

  • efs_access_point_specs (default: []): List of EFS Access Point Specs to be created. It can be an empty list. Type:
      list(object({
        efs_ap          = string        # unique name e.g. common_sftp
        uid             = number
        gid             = number
        secondary_gids  = list(number)
        root_path       = string        # e.g. /{env}/{project}/{purpose}/{name}
        owner_uid       = number        # e.g. 0
        owner_gid       = number        # e.g. 0
        root_permission = string        # e.g. 0755
        principal_arns  = list(string)
      }))
  • efs_id (string, default: null): EFS File System Id; if not provided, a new EFS will be created.
  • kms_alias (string, default: ""): KMS Alias to discover the KMS key for EFS encryption; if not provided, a new CMK will be created.
  • security_group_tags (map(string), default: null): Tags used to discover the EFS Security Group; if not provided, a new EFS security group will be created.
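An added example of a terraform.tfvars that satisfies these inputs for scenario 1; it is not a file from the repository. The project name, the extra tag keys, the POSIX ids, the root path and the IAM role ARN are constructed placeholders, and the comment on how principal_arns is used by the standardized resource policy is an assumption about the module.

```hcl
# Constructed example terraform.tfvars for scenario 1 (not the repository's own file).
env_name = "dev"
project  = "demo"
region   = "us-east-1"

# Discovery tags for the existing VPC and subnets; these match the tags the
# vpc example applies, so the module finds exactly one VPC and its subnets.
vpc_tags = {
  "efs/scenario" = "1"
  "Env"          = "DEV"
}

subnet_tags = {
  "efs/scenario" = "1"
  "Env"          = "DEV"
}

# Mandatory tags propagated to every resource the module creates.
tags = {
  "Env"     = "DEV"
  "Project" = "demo"
  "Owner"   = "platform-team" # constructed value
}

# efs_id, security_group_tags and kms_alias are left at their defaults so the
# module creates a new file system, security group and CMK (the scenario 1 outcome).

# One access point. The uid/gid pin the POSIX identity of every client that mounts
# through this access point, and root_path confines clients to that directory,
# so the file system is not shared at its root.
efs_access_point_specs = [
  {
    efs_ap          = "common_sftp"
    uid             = 1001 # constructed value
    gid             = 1001 # constructed value
    secondary_gids  = []
    root_path       = "/dev/demo/sftp/common_sftp" # follows /{env}/{project}/{purpose}/{name}
    owner_uid       = 0
    owner_gid       = 0
    root_permission = "0755"
    # Assumption: the module's resource policy limits use of this access point to
    # these principals. Placeholder ARN; replace with the real role.
    principal_arns  = ["arn:aws:iam::123456789012:role/PLACEHOLDER-sftp-role"]
  }
]
```

Run terraform plan after editing and confirm that exactly one VPC, the expected subnets, and one access point appear in the plan before applying.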

Outputs

Name    Description
efs     Elastic File System info
efs_ap  Elastic File System Access Points