Bootstrap FreeKB - Amazon Web Services (AWS) - List Elastic File Systems (EFS) Policies using the AWS CLI
Amazon Web Services (AWS) - List Elastic File Systems (EFS) Policies using the AWS CLI
Updated:   |  Amazon Web Services (AWS) articles

The aws efs describe-file-systems command can be used to list the Elastic File Systems (EFS) that have been created.

~]# aws efs describe-file-systems
{
    "FileSystems": [
        {
            "OwnerId": "123456789012",
            "CreationToken": "my-efs",
            "FileSystemId": "fs-0d1500aa4f4b50839",
            "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839",
            "CreationTime": "2023-09-27T04:55:23+00:00",
            "LifeCycleState": "available",
            "Name": "my-efs",
            "NumberOfMountTargets": 1,
            "SizeInBytes": {
                "Value": 24576,
                "Timestamp": "2023-10-02T10:13:00+00:00",
                "ValueInIA": 0,
                "ValueInStandard": 24576
            },
            "PerformanceMode": "generalPurpose",
            "Encrypted": true,
            "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309",
            "ThroughputMode": "bursting",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "my-efs"
                },
                {
                    "Key": "Role",
                    "Value": "AWS EFS File Storage"
                }
            ]
        }
    ]
}

 

Then the aws efs describe-file-system-policy command can be used to display the policy attached to the Elastic File Systems (EFS).

aws efs describe-file-system-policy --file-system-id fs-0d1500aa4f4b50839

 

If not policy has been attached to the Elastic File Systems (EFS), something like this should be returned.

An error occurred (PolicyNotFound) when calling the DescribeFileSystemPolicy operation: None

 

On the other hand, if a policy is attached, the JSON of the policy should be returned.

{
    "FileSystemId": "fs-0d1500aa4f4b50839",
    "Policy": "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"AWS\" : \"*\"\n    },\n    \"Action\" : [ \"elasticfilesystem:ClientWrite\", \"elasticfilesystem:ClientMount\" ],\n    \"Resource\" : \"arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839\",\n    \"Condition\" : {\n      \"Bool\" : {\n        \"aws:SecureTransport\" : \"true\"\n      }\n    }\n  } ]\n}"
}

 

Here is a more user friendly version of a policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientMount"
            ],
            "Resource": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 681920 in the box below so that we can be sure you are a human.