MountableEfs

class aws_rfdk.MountableEfs(scope, *, filesystem, access_point=None, extra_mount_options=None, resolve_mount_target_dns_with_api=None)

Bases: object

This class encapsulates scripting that can be used to mount an Amazon Elastic File System onto an instance.

An optional EFS access point can be specified for mounting the EFS file-system. For more information on using EFS access points, see https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html. Mounting through an access point requires the EFS mount helper. The EFS mount helper comes pre-installed on Amazon Linux 2. For other Linux distributions, the host machine must have the Amazon EFS client installed. We advise installing the Amazon EFS client when building your AMI. For instructions on installing the Amazon EFS client for other distributions, see https://docs.aws.amazon.com/efs/latest/ug/installing-amazon-efs-utils.html#installing-other-distro.

NOTE: Without an EFS access point, the file-system is writeable only by the root user.

Security Considerations

  • Using this construct on an instance will result in that instance dynamically downloading and running scripts from your CDK bootstrap bucket when that instance is launched. You must limit write access to your CDK bootstrap bucket to prevent an attacker from modifying the actions performed by these scripts. We strongly recommend that you either enable Amazon S3 server access logging on your CDK bootstrap bucket, or enable AWS CloudTrail on your account to assist in post-incident analysis of compromised production environments.
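One way to review the CDK bootstrap bucket's policy for the write access described above (an added example, not part of the RFDK documentation or code): it flags Allow statements that grant S3 write actions to any principal outside a trusted set. The function names, sample policy, account ID and role ARNs are constructed for illustration; IAM identity policies, NotAction/NotPrincipal elements and Condition blocks are outside what it checks.

```python
import fnmatch

# S3 actions that modify objects or the bucket's own access policy.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl",
                 "s3:PutBucketPolicy", "s3:DeleteBucketPolicy")

def _as_list(value):
    """Policy fields may be one string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Flatten Principal ("*" or {"AWS": ..., "Service": ...}) to strings."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return [p for v in principal.values() for p in _as_list(v)]
    return _as_list(principal)

def risky_write_statements(policy, trusted_principals):
    """Return Sids of Allow statements that let an untrusted principal write."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action patterns are case-insensitive and allow * and ? wildcards.
        grants_write = any(
            fnmatch.fnmatchcase(action.lower(), pattern.lower())
            for pattern in _as_list(stmt.get("Action"))
            for action in WRITE_ACTIONS)
        untrusted = [p for p in _principals(stmt) if p not in trusted_principals]
        if grants_write and untrusted:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample policy: account ID, role names and bucket are placeholders.
BUCKET = "arn:aws:s3:::example-bootstrap-bucket/*"
DEPLOY_ROLE = "arn:aws:iam::111122223333:role/example-cdk-deploy-role"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployRoleWrites", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": DEPLOY_ROLE}, "Action": ["s3:PutObject", "s3:GetObject"]},
    {"Sid": "InstancesRead", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-instance-role"},
     "Action": "s3:GetObject"},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": BUCKET,
     "Principal": "*", "Action": "s3:*"},
]}
if __name__ == "__main__":
    print(risky_write_statements(SAMPLE_POLICY, {DEPLOY_ROLE}))
```

Statements with a Condition are still flagged, so each finding is a prompt for manual review rather than proof of exposure.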

Parameters:

Methods

mount_to_linux_instance(target, *, location, permissions=None)

Mount the filesystem to the given instance at instance startup.

This is accomplished by adding scripting to the UserData of the instance to mount the filesystem on startup. If required, the instance’s security group is granted ingress to the filesystem’s security group on the required ports.

Parameters:
  • target (IMountingInstance) –

  • location (str) – Directory for the mount point.

  • permissions (Optional[MountPermissions]) – File permissions for the mounted filesystem. Default: MountPermissions.READWRITE

Return type:

None

uses_user_posix_permissions()

Returns whether the mounted file-system evaluates the UID/GID of the system user accessing the file-system.

Some network file-systems provide features to fix a UID/GID for all access to the mounted file-system and ignore the system user accessing the file. If this is the case, an implementing class must indicate this in the return value.

Return type:

bool

Attributes

access_point

The optional access point used to mount the EFS file-system.

file_system

The underlying EFS filesystem that is mounted.