EFS in Practice
This course dives into the AWS Elastic File Service - commonly known as EFS - and explains the service, its components, when it should be used, and how to configure it. EFS is considered file-level storage, supporting access by multiple EC2 instances at once, and is also optimized for low latency access. It appears to users like a file manager interface and uses standard file system semantics, such as locking files, renaming files, updating them, and using a hierarchical structure. This is just like what we're used to on standard premises-based systems.
The course kicks off with a high-level overview of EFS including its features, benefits, and use cases. This is followed by a review of the different storage class options it provides, namely Standard and Infrequent Access. A demonstration then provides a walk-through on how to configure an EFS file system within your VPC. The course covers how to secure your elastic file system, touching upon access control, permissions, and encryption as methods for protecting your data effectively. Finally, it moves on to importing existing on-premises data into EFS. If you want to cement your knowledge of this topic with hands-on experience, you can then try out the Introduction to Elastic File System lab.
- Understand the AWS Elastic File System along with its benefits and use cases
- Understand which performance and storage class to configure based upon your workloads
- Configure and create an elastic file system
- Mount EFS to your existing Linux instances
- Understand some security features and requirements of EFS
- Import existing data into your elastic file system
This course has been created for:
- Storage engineers responsible for maintaining, managing and administering file-level storage
- Security engineers who secure and safeguard data within AWS
- IT professionals preparing for either the AWS Cloud Practitioner exam or one of the three Associate-level certifications
- Those who are starting their AWS journey and want to understand the various services that exist and their use cases
To get the most from this course, you should be familiar with the basic concepts of AWS as well as with some of its core components, such as EC2 connectivity and configuration, in addition to VPC. You should also have an understanding of IAM permissions and how access is granted to resources.
Hello and welcome to this final lecture that will highlight some of the key points that were discussed throughout this course. I started the course by discussing what the Elastic File System is and does. Within this first lecture, I looked at the following points: EFS provides simple scalable file storage for use with Amazon EC2 instances. Amazon Elastic File Storage or EFS is considered a file-level storage and is also optimized for low latency access.
EFS supports access by multiple EC2 instances and it can meet the demands of tens, hundreds, or even thousands of EC2 instances concurrently. It uses standard file-system semantics such as locking files, renaming files, updating them, and using a hierarchical structure. EFS provides the ability for users to browse cloud network resources. EC2 instances can be configured to access Amazon EFS instances using configured mount points, and mount points can be created in multiple availability zones.
EFS is a fully managed, highly available and durable service. And EFS uses standard operating system APIs, so any application that is designed to work with standard operating system APIs, will work with EFS. It supports both NFS versions 4.1 and 4.0 and the EFS file system is also regional.
Now, following this lecture, we looked at storage classes and performance options. And during this lecture, I covered the following: Amazon EFS offers two different storage classes, which offer different levels of performance and costs. These being Standard and Infrequent Access, known as IA. The standard storage class is the default storage class used, and Infrequent Access is used to store data that is rarely accessed but provides a cost reduction on your storage. IA access results in an increased first-byte latency impact when both reading and writing data when compared to that of Standard storage class.
IA charges for the amount of space used and for each read and write you make to the storage class, whereas standard storage only charges for the amount of storage space used per month. EFS lifecycle management will automatically move data between storage classes based upon file access. If a file has not been read or written to for over 30 days, EFS lifecycle management will move the data to the IA storage class to save on costs.
When the file is accessed again, the 30-day timer is reset, and it is moved back to the standard storage class. The EFS lifecycle management will not move data below 128K in size, or any metadata. EFS supports two performance modes, General Purpose and Max I/O. General Purpose is the default performance mode and is used for most use cases, offering all-round performance and low-latency file operation. General Purpose allows only up to 7,000 file system operations per second, whereas Max I/O offers virtually unlimited amounts of throughput and IOPS. Max I/O file operation latency will be reduced compared to General Purpose. EFS provides a CloudWatch metric, PercentIOLimit, which allows you to view your operations per second as a percentage of the top 7,000 limit.
Now, EFS also supports two throughput modes, Bursting Throughput and Provisioned Throughput. Bursting Throughput, which is the default mode, scales as your file system grows. EFS credits are accumulated during periods of low-latency activity, operating below the baseline rate of throughput, set at 50 mebibytes per tebibyte of storage used. Every file system can reach its baseline throughput 100% of the time, and using EFS credits allows it to burst above the baseline limit. Credits can be monitored with a CloudWatch metric of BurstCreditBalance, and Provisioned Throughput allows you to burst above your allocated allowance. However, this option does incur additional charges.
Next, I performed a demonstration on how to create an elastic file system, and I looked at points relating to mount targets, lifecycle management, throughput modes, performance modes, and encryption. On completion of the creation of the EFS file system, I looked at how you could mount it. In this lecture, I explained that EFS offers two methods to connect your Linux-based EC2 instances to your EFS file system. You can use the Linux NFS client or the EFS mount helper. The EFS mount helper is a utility installed on your EC2 instance. The EFS mount helper was designed to simplify the entire mount process, and provides logging capabilities to help with any troubleshooting. The EFS mount helper requires a number of prerequisites, these being: the creation of your EFS file system and mount targets; you must have an EC2 instance running with the EFS mount helper installed; your EC2 instance must reside in a VPC and be configured with Amazon DNS servers with DNS hostnames enabled; security groups must be configured to allow the file system NFS access to your Linux instance; and you must be able to connect to your Linux instance. I then performed a demonstration on how to perform the mount process using the EFS mount helper.
I then moved my focus onto security, and looked at some of the security aspects of EFS. Within this lecture, I looked at IAM policies and encryption, and covered the following points:
- To create your EFS file system, you need to be allowed access to the following actions:
and here is a sample policy showing those actions:
"Sid" : "PermissionToCreateEFSFileSystem",
"Sid" : "PermissionsRequiredForEC2",
- To manage EFS using the AWS management console, you'll also need the following permissions:
"Sid" : "Stmt1AddtionalEC2PermissionsForConsole",
"Sid" : "Stmt2AdditionalKMSPermissionsForConsole",
- EFS supports both encryption at rest and in transit
- Encryption at rest is enabled via a checkbox when using the Management Console
- Encryption at rest uses the Key Management Service, known as KMS, to manage your encryption keys
- Encryption in transit is enabled by utilizing the Transport Layer Security (TLS) protocol when you mount your EFS file system
- It is best to use the EFS mount helper to implement encryption in transit
- The mount helper will create a client stunnel process using TLS version 1.2
- The stunnel process listens for any traffic using NFS which it then redirects to the encrypted port
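
As an added example (not part of the course material), the following Python audits a host's mount table for NFS mounts that do not go through the mount helper's local stunnel listener. It assumes a TLS mount appears in `/proc/mounts` with a loopback server address and a non-default port; the sample lines, file system ID, paths and IP addresses are constructed.

```python
"""Added example: flag NFS/EFS mounts that bypass the local TLS tunnel."""
import ipaddress

# Constructed sample in /proc/mounts format (IDs, paths and IPs are made up).
SAMPLE_MOUNTS = """\
/dev/xvda1 / xfs rw,noatime 0 0
127.0.0.1:/ /mnt/efs-tls nfs4 rw,vers=4.1,hard,noresvport,proto=tcp,port=20059,addr=127.0.0.1 0 0
fs-0123456789abcdef0.efs.us-east-1.amazonaws.com:/ /mnt/efs-plain nfs4 rw,vers=4.1,hard,noresvport,proto=tcp,addr=10.0.1.25 0 0
"""


def parse_options(field):
    """Turn 'rw,vers=4.1,port=20059' into {'rw': None, 'vers': '4.1', ...}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value or None
    return opts


def is_loopback(addr):
    """True only for a syntactically valid loopback IP address."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit_nfs_mounts(mounts_text):
    """Return [(mount_point, verdict)] for every nfs/nfs4 entry."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        mount_point, opts = fields[1], parse_options(fields[3])
        # Assumption: a helper-made TLS mount points the NFS client at a local
        # stunnel listener, so addr= is loopback and port= is not the NFS default.
        tunnelled = (is_loopback(opts.get("addr") or "")
                     and opts.get("port") not in (None, "2049"))
        findings.append((mount_point, "tls-tunnel" if tunnelled else "direct-nfs"))
    return findings


if __name__ == "__main__":
    for mount_point, verdict in audit_nfs_mounts(SAMPLE_MOUNTS):
        print(f"{mount_point}: {verdict}")
```

A `tls-tunnel` verdict only shows that the NFS client is talking to a local listener; confirming that the listener is the mount helper's stunnel process still requires checking the process that owns the port.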
In the final lecture of the course, I looked at how you can import data into your EFS file system, and during this lecture, I explained that the recommended course of action is to use AWS DataSync to import data. Now, AWS DataSync is designed to securely move and migrate and synchronize data from your existing on-premises site into AWS storage services. Data transfer can be accomplished over a Direct Connect link, or over the internet. To sync files from your on-premises environment, you must download the DataSync agent. You then need to configure the agent with a source and destination target, and DataSync can also transfer files between EFS file systems.
That now brings me to the end of this lecture, and to the end of this course. You should now have an understanding of the AWS Elastic File System and how it can be used as file storage within your AWS environment. If you'd like some hands-on experience with EFS, then please take a look at the following lab: https://cloudacademy.com/lab/introduction-elastic-file-system/.
If you have any feedback on this course, positive or negative, it would be greatly appreciated if you could contact firstname.lastname@example.org. Thank you for your time, and good luck with your continued learning of cloud computing. Thank you.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 90+ courses relating to Cloud reaching over 100,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.