boltopspro-docs/efs


NOTE: This repo contains only the documentation for the private BoltOps Pro repo code. Original file: https://github.com/boltopspro/efs/blob/master/README.md The docs are published so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If you are interested, you can contact us at contact@boltops.com or https://www.boltops.com

EFS FileSystem CloudFormation Blueprint

This blueprint provisions an EFS FileSystem:

  • Several EFS FileSystem properties are configurable with Parameters. Additionally, properties that require further customization are configurable with Variables. The blueprint is configurable for your needs.
  • It also creates a configurable number of MountTargets. This is configurable with @subnets.
  • A managed Security Group is created if no existing SecurityGroup ids are provided.
  • The FileSystem is encrypted by default. You can configure your own KmsKeyId to use.
  • For safety reasons, the DeletionPolicy is Retain for the FileSystem. This can be adjusted with @deletion_policy = "Delete"

Usage

  1. Add blueprint to Gemfile
  2. Configure: configs/efs values
  3. Deploy

Add

Add the blueprint to your lono project's Gemfile.

gem "efs", git: "git@github.com:boltopspro/efs.git"

Configure

First, configure the configs files. Use lono seed to generate starter values quickly.

LONO_ENV=development lono seed efs

The generated files in the configs/efs folder look something like this:

configs/efs/
├── params
│   └── development.txt
└── variables
    └── development.rb

Here's an example of the parameters.

configs/efs/params/development.txt:

# Parameter Group: AWS::EFS::FileSystem
SecurityGroups="" # Can be a blank string but then should set VpcId for managed SecurityGroup created # (required)
# Encrypted=true
# IpAddress=
# KmsKeyId=
# PerformanceMode=
# ProvisionedThroughputInMibps=
# ThroughputMode=

# Parameter Group: AWS::EC2::SecurityGroup
# VpcId= # vpc-111 # Should be set if SecurityGroups is not set (empty string)

configs/efs/variables/development.rb:

# Create EFS Mount Targets in whichever subnets you need them
@subnets = %w[subnet-111 subnet-222 subnet-333]

Deploy

Use the lono cfn deploy command to deploy. Example:

lono cfn deploy efs --sure

Configure Details

Mounting EFS Volume

To mount the EFS filesystem, you can use the boltopspro/ec2 blueprint to launch 2 test instances. Make sure to:

  • Set the VpcId and SubnetId parameters in the ec2 blueprint configs to values in the same subnet that the EFS FileSystem has mount targets in.
  • Also, make sure to open up the EFS security group so it allows access from these EC2 instances. A simple way is to whitelist the VPC CIDR range.

After the EC2 instances have launched, SSH into the instances and mount the volume. Here's an example where the EFS FileSystem Id is fs-5f83c0f5:

sudo yum install -y amazon-efs-utils
sudo mkdir -p /mnt/efs
sudo mount -t efs fs-5f83c0f5:/ /mnt/efs

AWS docs: Mounting EFS File Systems

To automatically mount the volume on a reboot, you can add this line to the /etc/fstab file.

/etc/fstab:

fs-5f83c0f5:/ /mnt/efs efs _netdev,tls,iam 0 0

Before rebooting, test that the mount will work just in case:

sudo mount -fav

AWS docs: Mounting Your Amazon EFS File System Automatically

DeletionPolicy

The default DeletionPolicy is Retain for safety reasons since most of the properties for the EFS FileSystem require replacement. You can override this with the @deletion_policy variable. Example:

configs/efs/variables/development.rb:

@deletion_policy = "Delete"

Security Groups

To assign existing security groups to the File System, use SecurityGroups. Example:

configs/efs/params/development.txt:

SecurityGroups=sg-111,sg-222

If not set, then the blueprint will create a managed Security Group and assign it to the File System.

Managed Security Group Rules

To open security group rules on the Managed Security Group, you can use the @security_group_ingress variable. Example:

configs/efs/variables/development.rb:

@security_group_ingress = [{
  CidrIp: "10.10.0.0/16", # Example
  FromPort: 2049,
  IpProtocol: "tcp",
  ToPort: 2049,
}]
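
The following is an added example, not code from the blueprint or from BoltOps: a small Ruby check that reviews rules shaped like @security_group_ingress before deploying and reports any that open more than NFS (tcp 2049) or allow a wider source range than needed. The function names, the sample rules and the VPC CIDR passed in are constructed for illustration.

```ruby
require "ipaddr"

NFS_PORT = 2049 # EFS mount targets accept NFS on TCP 2049

# True when every address in `inner` falls inside `outer` (both IPAddr CIDRs).
def cidr_within?(inner, outer)
  range = inner.to_range
  outer.include?(range.begin) && outer.include?(range.end)
end

# Audits rules shaped like @security_group_ingress; returns warning strings.
# vpc_cidr is supplied by the caller (assumption: you know your VPC range).
def audit_efs_ingress(rules, vpc_cidr:)
  vpc = IPAddr.new(vpc_cidr)
  rules.each_with_index.flat_map do |rule, i|
    found = []
    ports = [rule[:FromPort].to_i, rule[:ToPort].to_i]
    unless rule[:IpProtocol].to_s == "tcp" && ports == [NFS_PORT, NFS_PORT]
      found << "rule #{i}: opens more than tcp/#{NFS_PORT}"
    end
    next found unless rule[:CidrIp] # rule has no CIDR source to evaluate
    cidr = IPAddr.new(rule[:CidrIp])
    if cidr.prefix.zero?
      found << "rule #{i}: NFS allowed from any address (#{rule[:CidrIp]})"
    elsif !cidr_within?(cidr, vpc)
      found << "rule #{i}: #{rule[:CidrIp]} reaches outside VPC #{vpc_cidr}"
    elsif cidr_within?(vpc, cidr)
      found << "rule #{i}: whole VPC allowed; client subnets would be narrower"
    end
    found
  end
end

# Constructed sample rules (not taken from the blueprint's docs).
SAMPLE_RULES = [
  { CidrIp: "10.10.0.0/16", FromPort: 2049, IpProtocol: "tcp", ToPort: 2049 },
  { CidrIp: "10.10.1.0/24", FromPort: 2049, IpProtocol: "tcp", ToPort: 2049 },
  { CidrIp: "0.0.0.0/0",    FromPort: 0,    IpProtocol: "-1",  ToPort: 65535 },
].freeze

puts audit_efs_ingress(SAMPLE_RULES, vpc_cidr: "10.10.0.0/16") if $PROGRAM_NAME == __FILE__
```

With the sample rules, the whole-VPC rule and the open rule are reported, while the single-subnet rule passes without a warning.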

About

Public documentation for boltopspro/efs
