No description, website, or topics provided.
Shell HTML
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

EFS volume release

This is a bosh release that packages an efsdriver and an efsbroker for consumption by a volume_services_enabled Cloud Foundry deployment.

This broker/driver pair allows you to provision new AWS Elastic File Systems and bind those volumes to your applications for shared file access in an AWS environment.

Deploying to AWS EC2


  1. Install Cloud Foundry, or start from an existing CF deployment. If you are starting from scratch, the article Overview of Deploying Cloud Foundry provides detailed instructions.

NB: you must deploy Cloud Foundry to an AWS region that supports EFS. See this table for region support.

  1. Install GO:

    mkdir ~/workspace ~/go
    cd ~/workspace
    sudo tar -C /usr/local -xzf go1.9.linux-amd64.tar.gz
    echo 'export GOPATH=$HOME/go' >> ~/.bashrc
    echo 'export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin' >> ~/.bashrc
    exec $SHELL
  2. Install direnv:

    mkdir -p $GOPATH/src/
    git clone $GOPATH/src/
    pushd $GOPATH/src/
        sudo make install
    echo 'eval "$(direnv hook bash)"' >> ~/.bashrc
    exec $SHELL

Create and Upload this Release

  1. Check out efs-volume-release (master branch) from git:

    cd ~/workspace
    git clone
    cd ~/workspace/efs-volume-release
    direnv allow
    git checkout master
  2. Bosh Create and Upload the release

    bosh -n create-release --force && bosh -n upload-release

Create a variables file with your AWS credentials

Create an efs-vars.yml file with the following format:

aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
aws-subnet-ids: AWS_SUBNET_IDS 
aws-security-groups: AWS_SECURITY_GROUPS
aws-azs: AWS_AZ
efs-broker-password: EFS_BROKER_PASSWORD

Values for the above variables should be set as follows:

  • AWS_ACCESS_KEY_ID: AWS Access Key Id for the account managing EFS instances
  • AWS_SECRET_ACCESS_KEY: AWS Secret Access Key for the account managing EFS instances
  • AWS_SUBNET_IDS: Comma-separated AWS subnet Ids where mount targets should be created
  • AWS_SECURITY_GROUPS: Comma separated AWS security group ids to assign to the mount points (one per subnet)
  • AWS_AZ: Comma separated AWS AZs of the subnets (one per subnet)
  • EFS_BROKER_PASSWORD: OPTIONAL password for the efs service broker. If this value is omitted, BOSH will generate a password for you.

Redeploy Cloud Foundry with EFS enabled

  1. You should have it already after deploying Cloud Foundry, but if not clone the cf-deployment repository from git:

    $ cd ~/workspace
    $ git clone
    $ cd ~/workspace/cf-deployment
  2. Now redeploy your cf-deployment while including the EFS ops file:

    $ bosh -e my-env -d cf deploy cf.yml \
    -v deployment-vars.yml \ 
    -v efs-vars.yml \
    -o ../efs-volume-release/operations/deploy-efs-broker-and-install-driver.yml

Note: the above command is an example, but your deployment command should match the one you used to deploy Cloud Foundry initially, with the addition of a -o ../efs-volume-release/operations/deploy-efs-broker-and-install-driver.yml option.

Your CF deployment will now have a running service broker and volume drivers, ready to create and mount efs volumes. Unless you have explicitly defined a variable for your efsbroker password, BOSH will generate one for you.
If you let BOSH generate the efsbroker password for you, you can find the password for use in broker registration via the bosh interpolate command:

bosh int deployment-vars.yml --path /efs-broker-password

Register efs-broker

  • type the following:

    cf create-service-broker efsbroker admin <BROKER_PASSWORD>
    cf enable-service-access efs

Create an EFS volume service

  • type the following:

    cf create-service efs generalPurpose myVolume
    cf services
  • EFS volume creation is asynchronous. Keep invoking cf services until the myVolume service shows as ready

Deploy the pora test app, bind it to your service and start the app

  • type the following:

    cd src/
    cf push pora --no-start
    cf bind-service pora myVolume
    cf start pora

####Bind Parameters####

  • mount: By default, volumes are mounted into the application container in an arbitrarily named folder under /var/vcap/data. If you prefer to mount your directory to some specific path where your application expects it, you can control the container mount path by specifying the mount option. The resulting bind command would look something like cf bind-service pora myVolume -c '{"mount":"/var/my/path"}'

test the app to make sure that it can access your EFS volume

  • to check if the app is running, curl should return the instance index for your app
  • to check if the app can access the shared volume curl writes a file to the share and then reads it back out again.


If you have trouble getting this release to operate properly, try consulting the Volume Services Troubleshooting Page