Core Concepts & Features
- Managed NFS: Provides a fully managed Network File System (NFS v4.1 protocol) that can be mounted by multiple compute instances simultaneously.
- Highly Available & Durable: EFS stores data redundantly across multiple Availability Zones (AZs) within a region.
- Elastic Capacity: Storage capacity is elastic, growing and shrinking automatically as you add or remove files. You pay only for the storage you use.
- Broad Compatibility: Can be accessed from Amazon EC2 instances, AWS Fargate, AWS Lambda, and on-premises servers via AWS Direct Connect or AWS VPN.
- Scalable Performance: EFS is designed to provide high levels of throughput and IOPS with low, consistent latency.
Performance & Throughput Modes
EFS offers different modes to tailor performance to your workload's needs.
Performance Modes
You choose the performance mode when you create a file system.
| Mode | Description | Use Case |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| General Purpose | The default mode, ideal for the vast majority of applications. It provides the lowest per-operation latency. | Web serving, content management, home directories, and general file sharing. |
| Max I/O | Can scale to higher levels of aggregate throughput and IOPS, with a slightly higher per-operation latency compared to General Purpose. | Big data analytics, media processing, and other large-scale, parallelized workloads. |
Throughput Modes
You can change the throughput mode at any time.
| Mode | Description | Use Case |
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| Bursting | Default mode. Throughput scales with the size of your file system. All file systems get a baseline of 50 MiB/s and can burst to higher throughputs based on burst credits. | Workloads with spiky or unpredictable throughput needs. |
| Provisioned | You specify a fixed throughput (in MiB/s) for your file system, regardless of its size. You are billed for this provisioned throughput. | Applications with high, sustained throughput requirements. |
| Elastic | EFS automatically scales throughput up or down based on your application’s workload activity. You pay only for the throughput you use. | Unpredictable workloads that require high performance without over-provisioning. |
EFS Storage Classes & Lifecycle Management
EFS offers storage classes to help you optimize costs based on access patterns.
- EFS Standard: Designed for frequently accessed files.
- EFS Infrequent Access (IA): A cost-optimized storage class for files that are not accessed every day. EFS IA can reduce storage costs significantly compared to EFS Standard.
- Lifecycle Management: You can configure a lifecycle policy to automatically transition files from EFS Standard to EFS IA after a set period of inactivity (e.g., 7, 14, 30, 60, or 90 days). When a file in EFS IA is accessed, it is automatically and transparently moved back to EFS Standard.
Connecting to EFS
- Mount Targets: To access an EFS file system, you create mount targets in your VPC. Each mount target provides an IP address in a specific subnet (and thus, an AZ) that you can use in your `mount` command. It's recommended to create a mount target in each of your VPC's AZs for high availability.
- EFS Utils: The `amazon-efs-utils` package is a collection of tools that makes it simple to mount and use EFS file systems. It handles establishing encrypted TLS tunnels for data in transit.
- On-Premises Access: You can mount your EFS file systems on on-premises data center servers when connected to your Amazon VPC with AWS Direct Connect or AWS VPN.
EFS Security
EFS provides multiple layers of security for your data.
- Encryption at Rest: You can enable encryption for your data at rest when creating an EFS file system. Encryption is handled using AWS Key Management Service (KMS).
- Encryption in Transit: You can mount EFS file systems with Transport Layer Security (TLS) to encrypt data in transit between your clients and the file system. The `amazon-efs-utils` tool simplifies this process.
- Network Security: You control network access to your file system using VPC Security Groups and EFS Mount Target Security Groups. These act as virtual firewalls.
- File System Access:
  - IAM Policies: You can use IAM identity-based policies to control client access and permissions (e.g., read-only, read-write) to your file system.
  - EFS Access Points: Access Points provide application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets.
  - POSIX Permissions: EFS supports standard POSIX permissions (read, write, execute for user, group, other) to control access to files and directories.
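An added example (not from the original page) that reviews an IAM identity-based policy for the controls listed above: which client access level it grants, whether it requires TLS, and whether it pins the client to an access point. The policies, ARNs and function names are constructed for illustration; the check matches condition keys by exact case and does not evaluate Deny statements or resource scoping.

```python
# Constructed sample policies; account, file system and access point IDs are placeholders.
FS = "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/fs-EXAMPLE"
AP = "arn:aws:elasticfilesystem:us-east-1:111122223333:access-point/fsap-EXAMPLE"
READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "elasticfilesystem:ClientMount",  # mount without write = read-only
    "Resource": FS,
    "Condition": {
        "Bool": {"aws:SecureTransport": "true"},
        "StringEquals": {"elasticfilesystem:AccessPointArn": AP},
    },
}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["elasticfilesystem:*"], "Resource": "*"}}

# Wildcard forms recognised here are a fixed set, not full IAM glob matching.
ROOT_GRANTS = {"*", "elasticfilesystem:*", "elasticfilesystem:client*",
               "elasticfilesystem:clientrootaccess"}

def _as_list(value):
    """IAM allows a single string/object where a list is expected."""
    return value if isinstance(value, list) else [value]

def access_level(actions):
    """Highest EFS client access level granted by a list of actions."""
    acts = {a.lower() for a in actions}  # action names are case-insensitive
    if acts & ROOT_GRANTS:
        return "root"
    if "elasticfilesystem:clientwrite" in acts:
        return "read-write"
    if "elasticfilesystem:clientmount" in acts:
        return "read-only"
    return "none"

def review(policy):
    """Per Allow statement: access granted, and whether TLS / an access point is required."""
    findings = []
    for st in _as_list(policy["Statement"]):
        level = access_level(_as_list(st.get("Action", [])))
        if st.get("Effect") != "Allow" or level == "none":
            continue
        cond = st.get("Condition", {})
        tls = str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower() == "true"
        pinned = any("elasticfilesystem:AccessPointArn" in cond.get(op, {})
                     for op in ("StringEquals", "ArnEquals"))
        findings.append({"access": level, "tls_required": tls,
                         "access_point_pinned": pinned})
    return findings

if __name__ == "__main__":
    for name, pol in (("READ_ONLY", READ_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(name, review(pol))
```
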
EFS vs. EBS vs. S3 Comparison
| Feature | Amazon EFS (File Storage) | Amazon EBS (Block Storage) | Amazon S3 (Object Storage) |
| --------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------- | --------------------------------------------------------------------- |
| Primary Use Case | Content management, web serving, home directories, shared access | Boot volumes, transactional & NoSQL databases, single-instance storage | Big data analytics, backup/archive, static website hosting, media files |
| Access Method | NFS protocol; mountable file system | Raw block device presented to a single EC2 instance | RESTful API (HTTP/HTTPS) |
| Concurrent Access | Thousands of EC2 instances/Lambda functions from multiple AZs | A single EC2 instance in a single AZ (EBS Multi-Attach is an exception) | Millions of connections from anywhere |
| Data Structure | Files and Directories | Unformatted blocks | Flat structure of objects in buckets |
| Availability & Durability | Data stored redundantly across multiple AZs | Data stored redundantly in a single AZ | Data stored redundantly across at least three AZs |
| Latency | Low, consistent latency | Lowest, consistent latency for attached instance | Low latency for reads/writes, but higher than EBS/EFS |