Using EFS Access Points

This guide explains how to use Amazon EFS Access Points to manage application access to your EFS file systems. Access Points are application-specific entry points into an EFS file system that make it easier to manage access to shared datasets.

Before you begin, you will need:

  • An active University of Oregon AWS account.
  • An existing EFS file system. You can create one by following our EFS Overview guide.

EFS Access Points let you enforce a user identity, including the user's POSIX groups, for every file system request made through the access point; the identity sent by the NFS client is ignored. You can also enforce a root directory, so that clients using the access point only see that directory. Note that an access point does not replace the file system's POSIX permissions: the enforced UID/GID must still have the appropriate read/write bits on the files it touches. Common reasons to use access points include:

  • Securely providing access to specific applications: You can create an access point for each application that needs to access the file system, and then use an EFS file system policy (IAM) to control which principals can use which access points. Without a file system policy, any client with network access to a mount target can mount the file system, so this control is only effective once a policy is attached.
  • Enforcing a consistent user identity: You can use an access point to ensure that all file system requests from a specific application are made with a consistent user and group ID, regardless of the user that is running the application.
  • Restricting access to a specific directory: You can use an access point to chroot a user to a specific directory in the file system, so that they cannot access files outside of that directory.

The following Terraform code will create a new EFS Access Point for an existing EFS file system.

# main.tf - Example for creating an EFS Access Point

# ID of the existing EFS file system (for example fs-0123456789abcdef0),
# passed in as a variable so the same configuration can be reused.
variable "file_system_id" {
  description = "The ID of the EFS file system"
  type        = string
}

resource "aws_efs_access_point" "app_one_access_point" {
  file_system_id = var.file_system_id

  # Every request through this access point runs as uid/gid 1001,
  # regardless of the identity the NFS client presents.
  posix_user {
    uid = 1001
    gid = 1001
  }

  # Clients see /app_one as their root; nothing above it is reachable.
  root_directory {
    path = "/app_one"

    # Only used if /app_one does not exist yet: EFS creates it with this
    # owner and mode. Without creation_info, mounts fail until the
    # directory is created some other way.
    creation_info {
      owner_uid   = 1001
      owner_gid   = 1001
      permissions = "755"
    }
  }
}
  • variable "file_system_id": This defines a variable that you can use to pass the ID of the EFS file system to your Terraform configuration.
  • resource "aws_efs_access_point" "app_one_access_point": This block declares a new EFS Access Point resource.
  • posix_user: This block specifies the POSIX user and group identity that will be used for all file system requests made through the access point, overriding whatever identity the NFS client sends.
  • root_directory: This block specifies the root directory for the access point. The path is the directory that clients will be chrooted to. The creation_info block specifies the owner and permissions that EFS applies if the directory does not already exist; it is required in that case, because a mount through an access point whose root directory is missing fails. With owner 1001 and mode 755, the enforced identity can write to the directory while any other identity can only read it.
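The access point above only enforces identity and path; on its own it does not stop another client from mounting the file system directly. The following is an added example, not part of the guide's main.tf, showing how to pair the access point with an EFS file system policy so that a specific application role can reach the file system only through the app_one access point, and only over TLS. The variable app_one_role_arn, the data source name "shared", and the resource name "app_one_only" are assumptions introduced here; the access point resource name and file_system_id variable come from the page.

```hcl
# Added example: lock the file system down to the app_one access point.
# Assumes the aws_efs_access_point.app_one_access_point resource and the
# file_system_id variable from the guide's main.tf are in the same module.

# ARN of the IAM role the app_one workload runs as (hypothetical input).
variable "app_one_role_arn" {
  description = "IAM role ARN allowed to use the app_one access point"
  type        = string
}

# Look up the existing file system so the policy can reference its ARN.
data "aws_efs_file_system" "shared" {
  file_system_id = var.file_system_id
}

resource "aws_efs_file_system_policy" "app_one_only" {
  file_system_id = var.file_system_id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Allow the application role to mount and write, but only when the
        # request arrives through the app_one access point.
        Sid       = "AppOneViaAccessPointOnly"
        Effect    = "Allow"
        Principal = { AWS = var.app_one_role_arn }
        Action = [
          "elasticfilesystem:ClientMount",
          "elasticfilesystem:ClientWrite"
        ]
        Resource = data.aws_efs_file_system.shared.arn
        Condition = {
          StringEquals = {
            "elasticfilesystem:AccessPointArn" = aws_efs_access_point.app_one_access_point.arn
          }
        }
      },
      {
        # Reject any client that did not mount with encryption in transit
        # (the mount helper's "tls" option).
        Sid       = "DenyUnencryptedTransport"
        Effect    = "Deny"
        Principal = { AWS = "*" }
        Action    = "*"
        Resource  = data.aws_efs_file_system.shared.arn
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      }
    ]
  })
}

# Expose the access point ID for use in mount commands.
output "app_one_access_point_id" {
  value = aws_efs_access_point.app_one_access_point.id
}
```

Two caveats. First, attaching a file system policy replaces the default "allow every client with network access" behaviour, so any other workload that mounts this file system needs its own Allow statement or its mounts will start failing. Second, for the IAM condition to be evaluated the client has to mount with IAM authorization enabled, for example with the EFS mount helper: sudo mount -t efs -o tls,iam,accesspoint=<access-point-id> <file-system-id>:/ /mnt/app_one, run from an instance or container whose role is the one named in app_one_role_arn.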

Now that you have created an EFS Access Point, you can use it to mount the file system. With the EFS mount helper installed, pass the access point ID as a mount option, for example: sudo mount -t efs -o tls,accesspoint=<access-point-id> <file-system-id>:/ /mnt/app_one. Everything written through that mount will be owned by uid/gid 1001 and confined to /app_one on the file system.