Package software.amazon.awscdk.services.s3files

Class CfnFileSystem

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.s3files.CfnFileSystem
All Implemented Interfaces:
IInspectable, IEnvironmentAware, IFileSystemRef, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)", date="2026-04-14T18:32:03.774Z") @Stability(Stable) public class CfnFileSystem extends CfnResource implements IInspectable, IFileSystemRef, ITaggableV2
Resource Type definition for AWS::S3Files::FileSystem.

Example: 

 import software.amazon.awscdk.*;
 import software.amazon.awscdk.services.ec2.*;
 import software.amazon.awscdk.services.s3.*;
 import software.amazon.awscdk.services.s3files.*;
 Vpc vpc = new Vpc(this, "Vpc");
 // Versioning is required — S3 Files relies on object versions for consistency.
 Bucket bucket = Bucket.Builder.create(this, "Bucket").versioned(true).build();
 // S3 Files assumes this role to sync data between S3 and the file system.
 Role role = Role.Builder.create(this, "S3FilesRole")
         .assumedBy(new ServicePrincipal("elasticfilesystem.amazonaws.com"))
         .build();
 // S3 permissions: read/write access to the bucket and objects
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("s3:ListBucket*"))
         .resources(List.of(bucket.getBucketArn()))
         .build());
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject*", "s3:List*", "s3:PutObject*"))
         .resources(List.of(bucket.arnForObjects("*")))
         .build());
 // EventBridge permissions: S3 Files creates rules prefixed "DO-NOT-DELETE-S3-Files"
 // to detect S3 object changes and trigger data synchronization.
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets"))
         .resources(List.of(String.format("arn:%s:events:*:*:rule/DO-NOT-DELETE-S3-Files*", Aws.PARTITION)))
         .conditions(Map.of("StringEquals", Map.of("events:ManagedBy", "elasticfilesystem.amazonaws.com")))
         .build());
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule"))
         .resources(List.of(String.format("arn:%s:events:*:*:rule/*", Aws.PARTITION)))
         .build());
 CfnFileSystem fileSystem = CfnFileSystem.Builder.create(this, "S3FilesFs")
         .bucket(bucket.getBucketArn())
         .roleArn(role.getRoleArn())
         .build();
 SecurityGroup sg = SecurityGroup.Builder.create(this, "MountTargetSG").vpc(vpc).build();
 // Create a mount target in each private subnet so Lambda can reach the file system via NFS.
 vpc.privateSubnets.forEach((subnet, i) =>
   new s3files.CfnMountTarget(this, `MountTarget${i}`, {
     fileSystemId: fileSystem.attrFileSystemId,
     subnetId: subnet.subnetId,
     securityGroups: [sg.securityGroupId],
   }));
 // The access point defines the POSIX identity and root path Lambda uses on the file system.
 CfnAccessPoint accessPoint = CfnAccessPoint.Builder.create(this, "AccessPoint")
         .fileSystemId(fileSystem.getAttrFileSystemId())
         .rootDirectory(RootDirectoryProperty.builder()
                 .path("/export/lambda")
                 .creationPermissions(CreationPermissionsProperty.builder().ownerGid("1001").ownerUid("1001").permissions("750").build())
                 .build())
         .posixUser(PosixUserProperty.builder().gid("1001").uid("1001").build())
         .build();
 Function fn = Function.Builder.create(this, "MyFunction")
         .runtime(Runtime.NODEJS_LATEST)
         .handler("index.handler")
         .code(Code.fromAsset(join(__dirname, "lambda-handler")))
         .vpc(vpc)
         .filesystem(FileSystem.fromS3FilesAccessPoint(accessPoint, "/mnt/s3files"))
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnFileSystem

      protected CfnFileSystem(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnFileSystem

      protected CfnFileSystem(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnFileSystem

      @Stability(Stable) public CfnFileSystem(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnFileSystemProps props)
      Create a new AWS::S3Files::FileSystem.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • arnForFileSystem

      @Stability(Stable) @NotNull public static String arnForFileSystem(@NotNull IFileSystemRef resource)
      Parameters:
      resource - This parameter is required.

    • isCfnFileSystem

      @Stability(Stable) @NotNull public static Boolean isCfnFileSystem(@NotNull Object x)
      Checks whether the given object is a CfnFileSystem.

      Parameters:
      x - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrCreationTime

      @Stability(Stable) @NotNull public String getAttrCreationTime()

    • getAttrFileSystemArn

      @Stability(Stable) @NotNull public String getAttrFileSystemArn()

    • getAttrFileSystemId

      @Stability(Stable) @NotNull public String getAttrFileSystemId()

    • getAttrOwnerId

      @Stability(Stable) @NotNull public String getAttrOwnerId()

    • getAttrStatus

      @Stability(Stable) @NotNull public String getAttrStatus()

    • getAttrStatusMessage

      @Stability(Stable) @NotNull public String getAttrStatusMessage()

    • getAttrSynchronizationConfigurationLatestVersionNumber

      @Stability(Stable) @NotNull public Number getAttrSynchronizationConfigurationLatestVersionNumber()

    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getFileSystemRef

      @Stability(Stable) @NotNull public FileSystemReference getFileSystemRef()
      A reference to a FileSystem resource.
      Specified by:
      getFileSystemRef in interface IFileSystemRef

    • getBucket

      @Stability(Stable) @NotNull public String getBucket()

    • setBucket

      @Stability(Stable) public void setBucket(@NotNull String value)

    • getRoleArn

      @Stability(Stable) @NotNull public String getRoleArn()

    • setRoleArn

      @Stability(Stable) public void setRoleArn(@NotNull String value)

    • getAcceptBucketWarning

      @Stability(Stable) @Nullable public Object getAcceptBucketWarning()
      Returns union: either Boolean or IResolvable

    • setAcceptBucketWarning

      @Stability(Stable) public void setAcceptBucketWarning(@Nullable Boolean value)

    • setAcceptBucketWarning

      @Stability(Stable) public void setAcceptBucketWarning(@Nullable IResolvable value)

    • getClientToken

      @Stability(Stable) @Nullable public String getClientToken()

    • setClientToken

      @Stability(Stable) public void setClientToken(@Nullable String value)

    • getKmsKeyId

      @Stability(Stable) @Nullable public String getKmsKeyId()

    • setKmsKeyId

      @Stability(Stable) public void setKmsKeyId(@Nullable String value)

    • getPrefix

      @Stability(Stable) @Nullable public String getPrefix()

    • setPrefix

      @Stability(Stable) public void setPrefix(@Nullable String value)

    • getSynchronizationConfiguration

      @Stability(Stable) @Nullable public Object getSynchronizationConfiguration()
      Returns union: either IResolvable or CfnFileSystem.SynchronizationConfigurationProperty

    • setSynchronizationConfiguration

      @Stability(Stable) public void setSynchronizationConfiguration(@Nullable IResolvable value)

    • setSynchronizationConfiguration

      @Stability(Stable) public void setSynchronizationConfiguration(@Nullable CfnFileSystem.SynchronizationConfigurationProperty value)

    • getTags

      @Stability(Stable) @Nullable public List<CfnTag> getTags()

    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnTag> value)