Amazon Web Services (AWS) - List Elastic File Systems (EFS) Policies using the AWS CLI

by
Jeremy Canfield |
Updated: October 03 2023
| Amazon Web Services (AWS) articles
The aws efs describe-file-systems command can be used to list the Elastic File Systems (EFS) that have been created.
~]# aws efs describe-file-systems
{
"FileSystems": [
{
"OwnerId": "123456789012",
"CreationToken": "my-efs",
"FileSystemId": "fs-0d1500aa4f4b50839",
"FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839",
"CreationTime": "2023-09-27T04:55:23+00:00",
"LifeCycleState": "available",
"Name": "my-efs",
"NumberOfMountTargets": 1,
"SizeInBytes": {
"Value": 24576,
"Timestamp": "2023-10-02T10:13:00+00:00",
"ValueInIA": 0,
"ValueInStandard": 24576
},
"PerformanceMode": "generalPurpose",
"Encrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309",
"ThroughputMode": "bursting",
"Tags": [
{
"Key": "Name",
"Value": "my-efs"
},
{
"Key": "Role",
"Value": "AWS EFS File Storage"
}
]
}
]
}
Then the aws efs describe-file-system-policy command can be used to display the policy attached to the Elastic File Systems (EFS).
aws efs describe-file-system-policy --file-system-id fs-0d1500aa4f4b50839
If not policy has been attached to the Elastic File Systems (EFS), something like this should be returned.
An error occurred (PolicyNotFound) when calling the DescribeFileSystemPolicy operation: None
On the other hand, if a policy is attached, the JSON of the policy should be returned.
{
"FileSystemId": "fs-0d1500aa4f4b50839",
"Policy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"*\"\n },\n \"Action\" : [ \"elasticfilesystem:ClientWrite\", \"elasticfilesystem:ClientMount\" ],\n \"Resource\" : \"arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839\",\n \"Condition\" : {\n \"Bool\" : {\n \"aws:SecureTransport\" : \"true\"\n }\n }\n } ]\n}"
}
Here is a more user friendly version of a policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"elasticfilesystem:ClientWrite",
"elasticfilesystem:ClientMount"
],
"Resource": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839",
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
}
}
]
}
Did you find this article helpful?
If so, consider buying me a coffee over at