
Creating Encrypted EFS Using CloudFormation and EC2 Linux


This article demonstrates how to create an encrypted EFS instance using CloudFormation and mount it on an EC2 Linux instance.


There are multiple ways of storing information on an instance, such as EBS or EFS. EBS is Elastic Block Storage, and you can think of it as a high-capacity storage device attached to your computer. EFS is Elastic File Storage, and you can think of it as an external storage device attached to your computer. Which of the two you choose depends on your application or use case; for the case we are discussing today, we are going to use encrypted EFS with an EC2 Linux instance.

Create EFS Using CloudFormation

Let's create EFS using CloudFormation. You can use the following template to create the resource. Pass the appropriate values when prompted while creating the resource.

  • Save the template below in a file with a .json extension.

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "This cloudformation will create encrypted Elastic File System.",
      "Parameters": {
        "SystemName" : {
          "Type": "String",
          "Description" : "System for which this cloudformation is created.",
          "Default" : "myLinuxSystem"
        },
        "Environment" : {
          "Type": "String",
          "Description" : "Environment for which this cloudformation is getting created",
          "Default" : "dev"
        },
        "RegionName" : {
          "Type": "String",
          "Description" : "Region Name in which resources are to be created.",
          "Default" : "eu"
        },
        "BackbonePrivateSubnetAZa": {
          "Type": "String",
          "Description" : "Private subnet in availability zone A"
        },
        "BackbonePrivateSubnetAZb": {
          "Type": "String",
          "Description" : "Private subnet in availability zone B"
        },
        "EC2InstanceLinkedEFSFileSystemTagName": {
          "Type": "String",
          "Description": "Tag name of Elastic File System.",
          "Default": "elastic-file-system"
        },
        "FileSecurityGroup": {
          "Type": "String",
          "Description": "File System Security Group"
        }
      },
      "Resources": {
        "EFSFileSystem": {
          "Type" : "AWS::EFS::FileSystem",
          "Properties" : {
            "Encrypted" : true,
            "FileSystemTags": [
              {
                "Key": "Name",
                "Value": { "Fn::Join": [ "-", [ { "Ref": "SystemName" }, { "Ref": "Environment" }, { "Ref": "RegionName" }, { "Ref": "EC2InstanceLinkedEFSFileSystemTagName" } ] ] }
              }
            ]
          }
        },
        "EFSMountTargetAZa": {
          "Type": "AWS::EFS::MountTarget",
          "Properties": {
            "FileSystemId": {"Ref": "EFSFileSystem"},
            "SubnetId": {"Ref": "BackbonePrivateSubnetAZa"},
            "SecurityGroups": [{"Ref": "FileSecurityGroup"}]
          }
        },
        "EFSMountTargetAZb": {
          "Type": "AWS::EFS::MountTarget",
          "Properties": {
            "FileSystemId": {"Ref": "EFSFileSystem"},
            "SubnetId": {"Ref": "BackbonePrivateSubnetAZb"},
            "SecurityGroups": [{"Ref": "FileSecurityGroup"}]
          }
        }
      },
      "Outputs" : {
        "ElasticFileSystem" : {
          "Description": "Elastic file system.",
          "Value" : {"Ref": "EFSFileSystem"}
        },
        "EFSMountTargetAZaId" : {
          "Description": "EFS mount target Id in availability zone A.",
          "Value" : {"Ref": "EFSMountTargetAZa"}
        },
        "EFSMountTargetAZbId" : {
          "Description": "EFS mount target Id in availability zone B.",
          "Value" : {"Ref": "EFSMountTargetAZb"}
        }
      }
    }


  • Open the AWS console and log in with your credentials.
  • Open CloudFormation. You can get there by clicking on Services and then typing CloudFormation in the search bar at the top right.
  • Once there, click on the Create Stack (With new resource (standard)) button.
  • Click on Upload template file and then Choose file.
  • Upload the template JSON file which you have saved on your system from previous steps.
  • Provide the values asked for on the screen. A few default values are already provided in the template. Modify them as per your need.
  • Follow the wizard to create the required stack.
  • After some time, you will see the resources created.
  • You can go to Services -> EFS and see the resource created.
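
A pre-deployment check for the template above, as an added example that is not part of the original article: it reports whether each AWS::EFS::FileSystem resource is encrypted at rest and which KMS key applies. The sample template is constructed (ScratchFs, ParamFs, DeployTimeFs and their parameters are hypothetical), and a Ref to a parameter is judged by its Default only.

```python
import json

# Constructed sample in the shape of the article's template: its encrypted
# EFSFileSystem plus hypothetical resources that exercise the edge cases.
SAMPLE = json.loads("""{
  "Parameters": {"EncryptEfs": {"Type": "String", "Default": "false"},
                 "EncryptAtDeploy": {"Type": "String"}},
  "Resources": {
    "EFSFileSystem": {"Type": "AWS::EFS::FileSystem",
                      "Properties": {"Encrypted": true}},
    "ScratchFs": {"Type": "AWS::EFS::FileSystem", "Properties": {}},
    "ParamFs": {"Type": "AWS::EFS::FileSystem",
                "Properties": {"Encrypted": {"Ref": "EncryptEfs"}}},
    "DeployTimeFs": {"Type": "AWS::EFS::FileSystem",
                     "Properties": {"Encrypted": {"Ref": "EncryptAtDeploy"}}},
    "EFSMountTargetAZa": {"Type": "AWS::EFS::MountTarget",
                          "Properties": {"FileSystemId": {"Ref": "EFSFileSystem"}}}
  }
}""")

def resolve_bool(value, parameters):
    """Return True/False, or None when the value is only known at deploy time."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        value = parameters.get(value["Ref"], {}).get("Default")
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None

def audit_efs(template):
    """Map each AWS::EFS::FileSystem logical ID to (status, key_source)."""
    params = template.get("Parameters", {})
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EFS::FileSystem":
            continue
        props = res.get("Properties", {})
        if "Encrypted" not in props:
            status = "unencrypted"  # property omitted: no encryption at rest
        else:
            enc = resolve_bool(props["Encrypted"], params)
            status = {True: "encrypted", False: "unencrypted"}.get(enc, "unresolved")
        # Without KmsKeyId, EFS uses its default KMS key (aws/elasticfilesystem).
        key = "customer-specified" if "KmsKeyId" in props else "aws-managed default"
        report[logical_id] = (status, key if status == "encrypted" else None)
    return report

if __name__ == "__main__":
    for logical_id, finding in audit_efs(SAMPLE).items():
        print(logical_id, finding)
```

To check a saved template, pass `json.load(open(path))` to `audit_efs` in place of `SAMPLE`.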

Attaching EFS with Your EC2 instance

  • Log in to your EC2 instance.
  • Switch to the superuser. You can use the following command:

    sudo su


  • Execute the following commands to create a directory that will be mounted to save the data on EFS.

    mkdir -p /mnt/myefsdata/
    chown ec2-user:ec2-user /mnt/myefsdata/


  • Now modify the following command and execute it to mount the newly created encrypted EFS.

    mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-xxxxxxxx.efs.eu-west-1.amazonaws.com:/ /mnt/myefsdata

  • fs-xxxxxxxx.efs.eu-west-1.amazonaws.com is the DNS name of the EFS which you have created.
  • Execute the following command to check whether the drive is mounted successfully:

    df -h


  • You will see output similar to the one below:

    Filesystem                                 Size  Used Avail Use% Mounted on
    devtmpfs                                   3.8G   72K  3.8G   1% /dev
    tmpfs                                      3.8G  4.0K  3.8G   1% /dev/shm
    /dev/nvme0n1p1                              50G  6.7G   43G  14% /
    fs-xxxxxxxx.efs.eu-west-1.amazonaws.com:/  8.0E   14G  8.0E   1% /mnt/myefsdata


  • Now anything that you save under /mnt/myefsdata will be stored on the attached encrypted EFS.
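
The template's Encrypted property covers data at rest; the `mount -t nfs4` command above carries NFS traffic to the mount target without TLS. The following added example (not from the original article) classifies NFS mounts read from /proc/mounts, so a host can be checked for direct EFS mounts. It assumes the amazon-efs-utils behaviour of routing a `tls` mount through a local listener on 127.0.0.1; the sample lines and the /mnt/tlsdata mount point are constructed.

```python
import re

# Constructed /proc/mounts lines: the article's direct NFS mount, and a mount
# made through the amazon-efs-utils helper with the tls option (assumed form).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p1 / xfs rw,noatime 0 0
fs-xxxxxxxx.efs.eu-west-1.amazonaws.com:/ /mnt/myefsdata nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,hard,proto=tcp,timeo=600,retrans=2 0 0
127.0.0.1:/ /mnt/tlsdata nfs4 rw,relatime,vers=4.1,hard,proto=tcp,port=20127,timeo=600,retrans=2,addr=127.0.0.1 0 0
"""

# Host part of an EFS DNS name, as used in the article's mount command.
EFS_DNS = re.compile(r"^fs-[0-9a-z]+\.efs\.[a-z0-9-]+\.amazonaws\.com$")


def classify_nfs_mounts(proc_mounts_text):
    """Map each NFS mount point to how its traffic leaves the host."""
    findings = {}
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue  # not an NFS mount
        source, mountpoint, _fstype, options = fields[:4]
        host = source.rsplit(":", 1)[0]
        # "key=value" options become dict entries; bare flags map to "".
        opts = dict(o.partition("=")[::2] for o in options.split(","))
        if host in ("127.0.0.1", "localhost") and "port" in opts:
            # NFS pointed at a loopback port: traffic goes via a local tunnel.
            findings[mountpoint] = "local-tunnel port " + opts["port"]
        elif EFS_DNS.match(host):
            # Mounted straight at the EFS DNS name: plain NFS on the wire.
            findings[mountpoint] = "direct-nfs-no-tls"
        else:
            findings[mountpoint] = "other-nfs"
    return findings


if __name__ == "__main__":
    for mountpoint, verdict in classify_nfs_mounts(SAMPLE_MOUNTS).items():
        print(f"{mountpoint}: {verdict}")
```

A file system mounted by mount-target IP address rather than DNS name is reported as other-nfs, so treat that verdict as needing a manual look.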

