EFS Access Point

📦 Overview

This Terraform module provisions an Amazon EFS Access Point, enabling secure, managed access to a specific directory within an existing EFS file system.

It's ideal for applications that require identity-based access to shared file storage without altering the core EFS configuration.


✅ Key Features

  • Creates a secure Amazon EFS Access Point targeting a specific subdirectory
  • Defines POSIX user and group identity for access control
  • Supports tagging for environment, naming, and access context

💼 Use Cases

  • Multi-user applications requiring identity separation
  • Secure EFS access in containerized environments (e.g., ECS, EKS)
  • Controlled access to shared EFS volumes in EC2 or Lambda setups
  • Mounting subpaths in EFS for workload isolation

📥 Input Variables

| Name | Type | Description |
| --- | --- | --- |
| region | string | AWS region to deploy the EFS access point |
| file_system_id | string | The ID of the existing EFS file system |
| access_path | string | Path to the directory inside the file system (e.g., /data/app) |
| posix_uid | number | POSIX user ID for access identity |
| posix_gid | number | POSIX group ID for access identity |
| environment | string | Tag to specify the deployment environment (e.g., dev, staging, prod) |

📤 Outputs

| Name | Description |
| --- | --- |
| access_point_id | The ID of the created EFS Access Point |
| access_path | The directory path used in the access point setup |

🚀 Deployment Readiness

  • ✅ Compatible with Terraform 1.0+
  • ✅ Tested with AWS provider 5.x
  • 🧪 Requires an existing EFS file system and access to EFS resources

🛠️ Example Usage

module "efs_access_point" {
  source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//storage/efs-access-point?ref=v1.0.0"

  region         = "us-east-1"
  file_system_id = "fs-12345678"
  access_path    = "/data/app"
  posix_uid      = 1001
  posix_gid      = 1001
  environment    = "prod"
}

terraform init
terraform plan
terraform apply

or

tofu init
tofu plan
tofu apply
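
An access point enforces its POSIX identity and root directory only for clients that mount through it, so a file system policy that pins mounts to the access point is a common companion. The following is an added example, not part of the module or the original page; it attaches to the existing file system outside the module, and the role name `app-task-role`, the hard-coded `aws` partition and `us-east-1` region, and the local names are assumptions.

```hcl
# Added example; role name and local names are assumptions, not from the module.
data "aws_caller_identity" "current" {}

locals {
  fs_id  = "fs-12345678" # placeholder ID reused from the module call
  prefix = "arn:aws:elasticfilesystem:us-east-1:${data.aws_caller_identity.current.account_id}"
  fs_arn = "${local.prefix}:file-system/${local.fs_id}"
  ap_arn = "${local.prefix}:access-point/${module.efs_access_point.access_point_id}"
}

data "aws_iam_policy_document" "efs" {
  # Allow mount and write for one role, and only through the access point.
  statement {
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [local.fs_arn]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/app-task-role"] # hypothetical role
    }
    condition {
      test     = "StringEquals"
      variable = "elasticfilesystem:AccessPointArn"
      values   = [local.ap_arn]
    }
  }

  # Deny every client connection that does not use TLS.
  statement {
    effect    = "Deny"
    actions   = ["*"]
    resources = [local.fs_arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "this" {
  file_system_id = local.fs_id
  policy         = data.aws_iam_policy_document.efs.json
}
```

Clients then mount with the EFS mount helper options `tls`, `iam` and `accesspoint=<access_point_id>`; mounts that bypass the access point are not covered by the Allow statement.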

🧹 Cleanup Options

To destroy the EFS access point:

terraform destroy

or

tofu destroy

⚠️ This will not delete the EFS file system, only the access point itself.

🛡️ Notes

This is a Level 1 storage module focused on secure, subpath-based EFS access. For full EFS setup including mount targets and performance tuning, combine this with:

  • efs-filesystem
  • efs-performance-filesystem

🔒 Deployment Package Notice

This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.