⬡ Hub
Skip to content

AWS EFS (Elastic File System)

Detailed Content

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is a fully managed service that is designed to be highly available and durable, and it can automatically scale up or down as you add or remove files.

Core Concepts

  • File System: The primary resource in EFS. It is a fully managed, scalable, and highly available network file system that can be mounted on multiple EC2 instances, containers, or on-premises servers simultaneously. EFS is POSIX-compliant, meaning it behaves like a traditional file system.
  • Mount Targets: An endpoint in a VPC subnet that you use to connect to an EFS file system. Each Availability Zone where you want to access the file system needs a mount target. Mount targets are essentially Elastic Network Interfaces (ENIs) with IP addresses from your VPC subnet.
  • Access Points: Application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets. Access points can enforce an operating system user and group, and a root directory for all file system requests made through them. This simplifies access control and multi-tenant environments.
  • Storage Classes: EFS offers different storage classes to optimize cost and performance based on access patterns:
    • Standard: For frequently accessed files, stored redundantly across multiple Availability Zones for high availability and durability.
    • Infrequent Access (EFS IA): For files that are accessed less frequently (e.g., once a quarter), offering significantly lower storage costs. Data is automatically moved to IA based on lifecycle policies.
    • EFS One Zone: Stores data redundantly within a single Availability Zone. Offers lower cost than EFS Standard but is not resilient to AZ failures. Suitable for development, test, or analytics workloads where data can be easily recreated.
    • EFS One Zone-Infrequent Access (EFS One Zone-IA): Combines the cost savings of One Zone with the infrequent access tier.
  • Throughput Modes: Control how much data your file system can process per second:
    • Bursting Throughput: Throughput scales with the amount of data stored in the file system. File systems earn burst credits when idle and can burst to higher throughput levels. Good for workloads with spiky or unpredictable performance needs.
    • Provisioned Throughput: You provision a specific throughput capacity (MB/s), independent of the amount of data stored. This is ideal for workloads with consistent, high throughput requirements that need predictable performance.
  • Performance Modes: Determine the latency and concurrency characteristics of your file system:
    • General Purpose: The default mode, suitable for most file system workloads, including web serving, content management, and home directories. Offers good latency and throughput.
    • Max I/O: Optimized for applications requiring the highest levels of aggregate throughput and IOPS, with a trade-off of slightly higher latency. Ideal for big data analytics, media processing, and machine learning inference.
  • Encryption: EFS supports encryption of data at rest using AWS Key Management Service (KMS) and encryption of data in transit using TLS. This ensures data security throughout its lifecycle.
  • Lifecycle Management: EFS automatically transitions files that haven't been accessed for a specified period (e.g., 7, 14, 30, 60, 90 days) from the Standard storage class to the Infrequent Access (IA) storage class, optimizing storage costs.

Use Cases

  • Lift-and-shift enterprise applications: EFS provides a shared file system that is POSIX-compliant, making it easy to migrate existing on-premises applications that rely on shared file storage (e.g., SAP, Oracle, Microsoft SharePoint) to the AWS Cloud without significant code changes.
  • Content management systems (CMS): Store and serve web content, media files, user-uploaded documents, and other assets for CMS platforms like WordPress, Drupal, or Joomla. Multiple web servers can access the same content, ensuring consistency.
  • Web serving and development environments: Provide shared storage for web servers, development tools, and code repositories. Developers can share code and resources, and web servers can serve content from a central location.
  • Big data analytics: Store and process large datasets for analytics workloads using tools like Apache Spark, Hadoop, or AWS EMR. EFS can provide the scalable, shared storage needed for these compute-intensive tasks.
  • Container storage: Persistent storage for containerized applications running on Amazon ECS or Amazon EKS. Containers can mount EFS file systems to store application data, configuration files, or logs, ensuring data persistence even if containers are rescheduled or scaled.
  • Media processing workflows: Store large media files (images, audio, video) and provide shared access for processing applications, such as video transcoding, image manipulation, or audio analysis.
  • Home directories: Provide scalable and durable home directories for users in virtual desktop environments (e.g., Amazon WorkSpaces) or shared development environments.
  • Backup and recovery: Use EFS as a target for backups from EC2 instances or on-premises servers, leveraging its durability and scalability.

Interview Questions

Conceptual Questions

  1. What is AWS EFS and what are its primary advantages over EBS for certain use cases?
    • AWS EFS (Elastic File System) is a fully managed, scalable, elastic, and highly available network file system. Its primary advantage over EBS is that it can be mounted and accessed concurrently by multiple EC2 instances (or other compute services) across multiple Availability Zones, making it ideal for shared file systems, content management, web serving, and big data analytics. EBS, on the other hand, is block storage typically attached to a single EC2 instance.
  2. Explain the concept of EFS Mount Targets and why they are necessary.
    • EFS Mount Targets are network interfaces (ENIs) created in a VPC subnet that serve as endpoints for connecting to an EFS file system. They are necessary because EFS is a network file system, and EC2 instances (or other compute resources) need a network path within your VPC to access the file system. Each Availability Zone where you want to access the file system requires at least one mount target.
  3. When would you choose EFS over S3 for file storage?
    • Choose EFS when you need:
      • A file system interface (POSIX compliance) for applications that expect file system semantics.
      • Shared access from multiple EC2 instances or containers concurrently.
      • Low-latency access for frequently accessed data.
      • Integration with existing applications that rely on shared file storage.
    • Choose S3 when you need:
      • Object storage for unstructured data.
      • Extremely high scalability and durability for static content, backups, and data lakes.
      • HTTP/HTTPS access for web applications.
      • Lower cost for infrequently accessed or archival data.
  4. Describe the different throughput modes in EFS and when you would use each.
    • Bursting Throughput: Throughput scales with the amount of data stored in the file system. File systems earn burst credits when idle and can burst to higher throughput levels. Ideal for workloads with spiky or unpredictable performance needs, where average throughput is low but occasional bursts are required.
    • Provisioned Throughput: You provision a specific throughput capacity (MB/s), independent of the amount of data stored. This is ideal for workloads with consistent, high throughput requirements that need predictable performance, regardless of the file system size.
  5. What are EFS Access Points and how do they enhance security and simplify application access?
    • EFS Access Points are application-specific entry points into an EFS file system. They simplify access control by allowing you to enforce an operating system user and group, and a root directory for all file system requests made through them. This means you can grant specific applications or microservices access to only a subset of the file system, improving security and simplifying permission management, especially in multi-tenant or containerized environments.
  6. Explain the different EFS storage classes, including EFS One Zone, and how they help optimize costs.
    • Standard: Multi-AZ, highly available and durable, for frequently accessed data.
    • Infrequent Access (IA): Multi-AZ, lower cost for data accessed less frequently. Data automatically transitions to IA based on lifecycle policies.
    • One Zone: Single-AZ, lowest cost, for data that doesn't require multi-AZ resilience (e.g., dev/test, analytics where data can be recreated). Not recommended for primary production data.
    • One Zone-Infrequent Access (One Zone-IA): Single-AZ, even lower cost for infrequently accessed data within a single AZ. These classes allow you to match storage cost to access patterns and availability requirements.

Scenario-Based Questions

  1. You have a fleet of web servers (EC2 instances) that need to access a common set of configuration files, user-uploaded content, and application logs. The application is critical and requires high availability. How would you provide shared storage for these instances?
    • I would use Amazon EFS with the Standard storage class. I would create an EFS file system and configure mount targets in multiple Availability Zones. All web servers would then mount this EFS file system. This provides a shared, scalable, and highly available file system that all instances can access concurrently, ensuring data consistency and resilience across AZs.
  2. You are running a containerized application on Amazon EKS, and the containers need persistent storage that can be shared across multiple pods. The data is critical and needs to be highly available. How would you implement this?
    • I would use Amazon EFS with the Standard storage class. I would integrate EFS with EKS using the Amazon EFS CSI driver. This allows me to dynamically provision EFS Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) within my EKS cluster. The containers (pods) would then mount these EFS volumes, enabling them to share persistent data, ensuring data persistence and high availability even if pods are rescheduled or scaled across different nodes or AZs.
  3. Your EFS file system is experiencing performance bottlenecks during peak hours, but it's cost-effective during off-peak hours. The workload has predictable high-throughput requirements during these peak times. How would you optimize its performance and cost?
    • Given the predictable high-throughput requirements during peak times, I would switch the EFS file system from Bursting Throughput mode to Provisioned Throughput mode. I would provision the throughput capacity to meet the peak demand. This ensures consistent and predictable performance during critical periods. For cost optimization, I would also configure EFS Lifecycle Management to automatically transition less frequently accessed data to the Infrequent Access (IA) storage class, reducing overall storage costs.
  4. You need to store large amounts of log data from various applications. This data is accessed infrequently for auditing and troubleshooting, but needs to be available when required. Cost is a major concern, and you are comfortable with the data residing in a single Availability Zone. Which EFS storage class would you choose?
    • I would choose EFS One Zone-Infrequent Access (EFS One Zone-IA). This storage class offers the lowest cost for infrequently accessed data and stores data redundantly within a single Availability Zone. Since cost is a major concern and you are comfortable with single-AZ resilience for this type of data (which can likely be recreated if lost), One Zone-IA is the most appropriate choice.

Coding/CLI Examples

Here are some common EFS operations using the AWS CLI and Python (Boto3).

AWS CLI Examples

  1. Create an EFS file system with General Purpose performance mode and Bursting throughput mode: bash aws efs create-file-system \ --performance-mode generalPurpose \ --throughput-mode bursting \ --encrypted \ --tags Key=Name,Value=MyEFSFileSystemCLI

  2. Create a mount target for an EFS file system: ```bash FILE_SYSTEM_ID="fs-0abcdef1234567890" # Replace with your EFS File System ID SUBNET_ID="subnet-0abcdef1234567890" # Replace with your Subnet ID SECURITY_GROUP_ID="sg-0abcdef1234567890" # Replace with your Security Group ID

    aws efs create-mount-target \ --file-system-id $FILE_SYSTEM_ID \ --subnet-id $SUBNET_ID \ --security-groups $SECURITY_GROUP_ID ```

  3. Mount an EFS file system on an EC2 instance (Linux) using amazon-efs-utils: ```bash # On the EC2 instance, install the EFS client sudo yum install -y amazon-efs-utils # For Amazon Linux # sudo apt-get install -y amazon-efs-utils # For Ubuntu

    Create a mount point

    sudo mkdir /mnt/efs

    Mount the EFS file system using TLS for encryption in transit

    FILE_SYSTEM_ID="fs-0abcdef1234567890" # Replace with your EFS File System ID sudo mount -t efs -o tls $FILE_SYSTEM_ID:/ /mnt/efs

    For automatic mounting on reboot, add the following line to /etc/fstab:

    fs-0abcdef1234567890:/ /mnt/efs efs _netdev,tls 0 0

    ```

  4. Configure EFS Lifecycle Management to transition to Infrequent Access (IA): ```bash FILE_SYSTEM_ID="fs-0abcdef1234567890" # Replace with your EFS File System ID

    aws efs put-lifecycle-configuration \ --file-system-id $FILE_SYSTEM_ID \ --lifecycle-policies '[{"TransitionToIA": "AFTER_30_DAYS"}]' ```

Python (Boto3) Examples

First, ensure you have Boto3 installed (pip install boto3) and your AWS credentials configured.

  1. Create an EFS file system: ```python import boto3

    efs_client = boto3.client('efs')

    file_system_name = "MyBoto3EFS"

    try: response = efs_client.create_file_system( CreationToken=file_system_name, # Unique string to ensure idempotency PerformanceMode='generalPurpose', ThroughputMode='bursting', Encrypted=True, Tags=[ { 'Key': 'Name', 'Value': file_system_name }, ] ) file_system_id = response['FileSystemId'] print(f"Created EFS File System: {file_system_id}") except Exception as e: print(f"Error creating EFS file system: {e}") ```

  2. Create a mount target for an EFS file system: ```python import boto3

    efs_client = boto3.client('efs')

    file_system_id = "fs-0abcdef1234567890" # REPLACE with your EFS File System ID subnet_id = "subnet-0abcdef1234567890" # REPLACE with your Subnet ID security_group_id = "sg-0abcdef1234567890" # REPLACE with your Security Group ID

    try: response = efs_client.create_mount_target( FileSystemId=file_system_id, SubnetId=subnet_id, SecurityGroups=[ security_group_id, ] ) mount_target_id = response['MountTargetId'] print(f"Created Mount Target: {mount_target_id}") except Exception as e: print(f"Error creating mount target: {e}") ```

  3. Create an EFS Access Point: ```python import boto3

    efs_client = boto3.client('efs')

    file_system_id = "fs-0abcdef1234567890" # REPLACE with your EFS File System ID access_point_name = "MyAppAccessPoint"

    try: response = efs_client.create_access_point( ClientToken=access_point_name, # Unique string for idempotency FileSystemId=file_system_id, PosixUser={ 'Uid': 1001, 'Gid': 1001 }, RootDirectory={ 'Path': '/app_data', 'CreationInfo': { 'OwnerUid': 1001, 'OwnerGid': 1001, 'Permissions': '0755' } }, Tags=[ { 'Key': 'Name', 'Value': access_point_name }, ] ) access_point_id = response['AccessPointId'] print(f"Created Access Point: {access_point_id}") except Exception as e: print(f"Error creating access point: {e}") ```