Bootstrap FreeKB - Amazon Web Services (AWS) - Create Elastic File System (EFS) Mount Targets using Terraform
Amazon Web Services (AWS) - Create Elastic File System (EFS) Mount Targets using Terraform
Updated:   |  Amazon Web Services (AWS) articles

This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

Elastic File System (EFS) Mount Targets are used so that you can mount an Elastic File System on an EC2 instance or an Elastic Container Service (ECS) container that are in the same Availability Zone. For example, if you have an EC2 instance in Availability Zone us-east-1a you will also need a Mount Target in us-east-1a.

 

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── elastic_file_system (directory)
│   ├── ec2_instance.tf
│   ├── elastic_file_systems.tf
│   ├── provider.tf
│   ├── security_groups.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  alias   = "default"
  profile = "default"
  region  = "default"
}

 

Since the objective here is to create Mount Targets that are in the same Availability Zones as the EC2 instances or Elastic Container Service (ECS) containers that will be using the Elastic File System, it first makes sense to get the subnets of the EC2 instances or Elastic Container Service (ECS) containers. For example, perhaps ec2_instance.tf has the following, using the aws_instance data module to get the subnet ID being used by your EC2 instances.

data "aws_instance" "foo_instance" {
  filter {
    name = "tag:Name"
    values = ["foo-instance"]
  }
}

data "aws_instance" "bar_instance" {
  filter {
    name = "tag:Name"
    values = ["bar-instance"]
  }
}

 

Let's say the EC2 instances are in different subnets.

data.aws_instance.foo_instance.subnet_id = subnet-0316e4d9fcd4efccc
data.aws_instance.bar_instance.subnet_id = subnet-9a76bb6c66a98d33a

 

Additionally, the Security Group associated with the EC2 instances or Elastic Container Service (ECS) containers will need to allow incoming (ingress) on port 2049 (NFS). For example, perhaps security_groups.tf has the following.

resource "aws_security_group" "my_security_group" {
  name        = "my_Security_Group"
  description = "my Security Group"
  vpc_id      = aws_vpc.my_aws_vpc.id

  ingress {
    description      = "Allow NFS"
    from_port        = 2049
    to_port          = 2049
    protocol         = "tcp"
    cidr_blocks      = ["10.0.0.0/16"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
  }

  tags = {
    Name = "my_Security_Group"
  }
}

 

And elastic_file_systems.tf could have the following.

resource "aws_efs_file_system" "efs" {
  creation_token = "my-efs"
  encrypted      = "true"
}

resource "aws_efs_mount_target" "my_aws_efs_mount_target" {

  for_each = toset([data.aws_instance.foo_instance.subnet_id, data.aws_instance.bar_instance.subnet_id])

  file_system_id    = aws_efs_file_system.efs.id
  subnet_id         = each.key
  security_groups   = [aws_security_group.my_security_group.id]
}

 

You may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

 

By default, the terraform.tfstate file should be found in your root module directory (/usr/local/terraform/aws in this example).

  • If the EFS Mount Target does not exist and the terraform.tfstate file does not contain the EFS Mount Target Terraform will create the EFS Mount Target.
  • If the EFS Mount Target exists and the terraform.tfstate file contains the EFS Mount Target and a difference is found between the efs.tf file and the terraform.tfstate file, Terraform will update the EFS Mount Target.
  • If the EFS Mount Target exists and the terraform.tfstate file contains the EFS Mount Target and the EFS Mount Target is removed from the efs.tf file, Terraform will destroy (delete) the EFS Mount Target.

The terraform apply command can be used to create, update or delete the EFS Mount Target.

module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-03c64e403dc5bf18f"]: Creating...
module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-0f35c3586e5090314"]: Creating...
module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-09b70fa463fcd4a19"]: Creating...
module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-0316e4d9fcd4efccc"]: Creation complete after 1m23s [id=fsmt-0ca5230159a7422c4]
module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-03f11417780f6cdbc"]: Creation complete after 1m23s [id=fsmt-05602e04eec21d879]
module.elastic_file_systems.aws_efs_mount_target.my-efs-mount-target["subnet-03c64e403dc5bf18f"]: Creation complete after 1m23s [id=fsmt-063bf406d7cdcb432]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

 

 

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter d1728c in the box below so that we can be sure you are a human.