Amazon Web Services (AWS) - Attach a Policy to an Elastic File System (EFS) using Terraform


This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── elastic_file_system (directory)
│   ├── ec2_instance.tf
│   ├── elastic_file_systems.tf
│   ├── provider.tf
│   ├── security_groups.tf

 

required_providers.tf will almost always have this.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

 

Let's say provider.tf has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.

provider "aws" {
  # With an alias set, resources only use this block if they specify
  # provider = aws.default; otherwise they fall back to the implicit default
  # provider configuration. Drop the alias if you want this to be the default.
  alias   = "default"
  profile = "default"
  region  = "us-east-1"   # placeholder: "default" is not a valid region, use yours
}

 

In this example, an Elastic File System named my-efs will be created and then a file system policy will be attached that only allows clients to mount and write over TLS.

resource "aws_efs_file_system" "my-efs" {
  creation_token = "my-efs"
  encrypted      = true   # encryption at rest

  tags = {
    Name = "my-efs"
    Role = "AWS EFS File Storage"
  }
}

# File system policy. Once any policy is attached, the default behaviour
# (anyone with network access to a mount target may mount) is replaced by what
# the policy grants. The only Allow here requires aws:SecureTransport, so
# mounts that do not use TLS are refused.
data "aws_iam_policy_document" "efs_policy" {
  statement {
    actions = [
      "elasticfilesystem:ClientMount",
      "elasticfilesystem:ClientWrite",
    ]
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]   # any principal, as long as the condition below holds
    }
    resources = [aws_efs_file_system.my-efs.arn]

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["true"]
    }
  }
}

resource "aws_efs_file_system_policy" "policy" {
  file_system_id = aws_efs_file_system.my-efs.id
  policy         = data.aws_iam_policy_document.efs_policy.json
}
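The policy above enforces TLS but still names * as the principal, so any identity that can reach a mount target over TLS may mount and write. As an added example that is not part of the original article, the following drop-in replacement for the efs_policy data source and policy resource limits mounting to one IAM role (the hypothetical aws_iam_role.efs_client, assumed to exist elsewhere in your configuration), requires access to come through a mount target, and adds an explicit Deny for non-TLS connections.

```hcl
# Added example: tighter file system policy for the same my-efs file system.
# Assumes an IAM role resource named aws_iam_role.efs_client exists (hypothetical).
data "aws_iam_policy_document" "efs_policy" {
  # Only the named client role may mount and write, and only via a mount target.
  statement {
    sid    = "AllowClientRoleViaMountTarget"
    effect = "Allow"
    actions = [
      "elasticfilesystem:ClientMount",
      "elasticfilesystem:ClientWrite",
    ]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.efs_client.arn]
    }
    resources = [aws_efs_file_system.my-efs.arn]

    condition {
      test     = "Bool"
      variable = "elasticfilesystem:AccessedViaMountTarget"
      values   = ["true"]
    }
  }

  # An explicit Deny overrides any Allow: nothing may use the file system
  # without TLS, regardless of which principal is calling.
  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["*"]
    resources = [aws_efs_file_system.my-efs.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "policy" {
  file_system_id = aws_efs_file_system.my-efs.id
  policy         = data.aws_iam_policy_document.efs_policy.json
}
```

Run terraform plan after swapping it in and confirm the rendered JSON in the plan output contains both statements before applying.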

 

You may need to reissue the terraform init command.

~]# terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
Terraform has been successfully initialized!

 

The terraform plan command can be used to see what Terraform will try to do.

terraform plan

 

The terraform apply command can be used to create, update, or delete the EFS with the attached policy.

terraform apply -auto-approve

 



