Skip to content
CSI Driver for Amazon EFS
Go Shell Makefile Dockerfile
Branch: master
Clone or download
Latest commit 397c35d Oct 21, 2019

Build Status Coverage Status Go Report Card

Amazon EFS CSI Driver

The Amazon Elastic File System Container Storage Interface (CSI) Driver implements the CSI specification for container orchestrators to manage the lifecycle of Amazon EFS filesystems.

CSI Specification Compability Matrix

AWS EFS CSI Driver \ CSI Version v0.3.0 v1.1.0
master branch no yes
v0.2.0 no yes
v0.1.0 yes no


Currently only static provisioning is supported. This means an AWS EFS filesystem needs to be created manually on AWS first. After that it can be mounted inside a container as a volume using the driver.

The following CSI interfaces are implemented:

  • Node Service: NodePublishVolume, NodeUnpublishVolume, NodeGetCapabilities, NodeGetInfo, NodeGetId
  • Identity Service: GetPluginInfo, GetPluginCapabilities, Probe

Encryption In Transit

One of the advantages of using EFS is that it provides encryption in transit support using TLS. Using encryption in transit, data will be encrypted during its transition over the network to the EFS service. This provides an extra layer of defence-in-depth for applications that requires strict security compliance.

To enable encryption in transit, tls needs to be set in the NodePublishVolumeRequest.VolumeCapability.MountVolume object's MountFlags fields. For an example of using it in kubernetes, see the persistence volume manifest in Encryption in Transit Example

Note Kubernetes version 1.13+ is required if you are using this feature in Kubernetes.

EFS CSI Driver on Kubernetes

The following sections are Kubernetes specific. If you are a Kubernetes user, use this for driver features, installation steps and examples.

Kubernetes Version Compability Matrix

AWS EFS CSI Driver \ Kubernetes Version maturity v1.11 v1.12 v1.13 v1.14 v1.15
master branch beta no no no yes yes
v0.2.0 beta no no no yes yes
v0.1.0 alpha yes yes yes no no

Container Images

EFS CSI Driver Version Image
master branch amazon/aws-efs-csi-driver:latest
v0.2.0 amazon/aws-efs-csi-driver:v0.2.0
v0.1.0 amazon/aws-efs-csi-driver:v0.1.0


  • Static provisioning - EFS filesystem needs to be created manually first, then it could be mounted inside container as a persistent volume (PV) using the driver.
  • Mount Options - Mount options can be specified in the persistence volume (PV) to define how the volume should be mounted. Aside from normal mount options, you can also specify tls as a mount option to enable encryption in transit of the EFS filesystem.


  • Since EFS is an elastic filesystem it doesn't really enforce any filesystem capacity. The actual storage capacity value in persistence volume and persistence volume claim is not used when creating the filesystem. However, since the storage capacity is a required field by Kubernetes, you must specify the value and you can use any valid value for the capacity.


Deploy the driver:

If you want to deploy the stable driver:

kubectl apply -k ""

If you want to deploy the development driver:

kubectl apply -k ""


Before the example, you need to:

  • Get yourself familiar with how to setup Kubernetes on AWS and how to create EFS filesystem.
  • When creating EFS filesystem, make sure it is accessible from Kuberenetes cluster. This can be achieved by creating the filesystem inside the same VPC as Kubernetes cluster or using VPC peering.
  • Install EFS CSI driver following the Installation steps.

Example links


Please go through CSI Spec and General CSI driver development guideline to get some basic understanding of CSI driver before you start.


  • Golang 1.12.7+


Dependencies are managed through go module. To build the project, first turn on go mod using export GO111MODULE=on, to build the project run: make


To execute all unit tests, run: make test


This library is licensed under the Apache 2.0 License.

You can’t perform that action at this time.