awsefs

package
v2.112.0

This package is not in the latest version of its module.
Published: Dec 1, 2023 License: Apache-2.0 Imports: 10 Imported by: 3

README

Amazon Elastic File System Construct Library

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system.

This module is part of the AWS Cloud Development Kit project.

File Systems

Amazon EFS provides elastic, shared file storage that is POSIX-compliant. The file system you create supports concurrent read and write access from multiple Amazon EC2 instances and is accessible from all of the Availability Zones in the AWS Region where it is created. Learn more about EFS file systems

Create an Amazon EFS file system

A Virtual Private Cloud (VPC) is required to create an Amazon EFS file system. The following example creates a file system that is encrypted at rest, runs in General Purpose performance mode and Bursting throughput mode, and does not transition files to the Infrequent Access (IA) storage class.

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	// by default, files are not transitioned to infrequent access (IA) storage
	LifecyclePolicy: efs.LifecyclePolicy_AFTER_14_DAYS,
	// default
	PerformanceMode: efs.PerformanceMode_GENERAL_PURPOSE,
	OutOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy_AFTER_1_ACCESS,
})

⚠️ An Amazon EFS file system's performance mode can't be MAX_IO when its throughputMode is ELASTIC.

⚠️ An Amazon EFS file system's performance mode can't be changed after the file system has been created. Updating this property will replace the file system.

Any file system that has been created outside the stack can be imported into your CDK app.

Use the fromFileSystemAttributes() API to import an existing file system. Here is an example of giving a role write permissions on a file system.

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

importedFileSystem := efs.FileSystem_FromFileSystemAttributes(this, jsii.String("existingFS"), &efs.FileSystemAttributes{
	// You can also use fileSystemArn instead of fileSystemId.
	FileSystemId: jsii.String("fs-12345678"),
	SecurityGroup: ec2.SecurityGroup_FromSecurityGroupId(this, jsii.String("SG"), jsii.String("sg-123456789"), &ec2.SecurityGroupImportOptions{
		AllowAllOutbound: jsii.Boolean(false),
	}),
})

IAM to control file system data access

You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access.

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

myFileSystemPolicy := iam.NewPolicyDocument(&iam.PolicyDocumentProps{
	Statements: &[]iam.PolicyStatement{
		iam.NewPolicyStatement(&iam.PolicyStatementProps{
			Actions: &[]*string{
				jsii.String("elasticfilesystem:ClientWrite"),
				jsii.String("elasticfilesystem:ClientMount"),
			},
			Principals: &[]iam.IPrincipal{
				iam.NewAccountRootPrincipal(),
			},
			Resources: &[]*string{
				jsii.String("*"),
			},
			// the statement applies only to clients that connect through a mount target
			Conditions: &map[string]interface{}{
				"Bool": map[string]*string{
					"elasticfilesystem:AccessedViaMountTarget": jsii.String("true"),
				},
			},
		}),
	},
})

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	FileSystemPolicy: myFileSystemPolicy,
})

Alternatively, a resource policy can be added later using addToResourcePolicy(statement). Note that this will not work with an imported FileSystem.

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

var statement iam.PolicyStatement

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
})

fileSystem.AddToResourcePolicy(statement)

Permissions

If you need to grant file system permissions to another resource, you can use the .grant() API. As an example, the following code gives elasticfilesystem:Backup permissions to an IAM role.

role := iam.NewRole(this, jsii.String("Role"), &iam.RoleProps{
	AssumedBy: iam.NewAnyPrincipal(),
})

fileSystem.Grant(role, jsii.String("elasticfilesystem:Backup"))

APIs for clients also include .grantRead(), .grantReadWrite(), and .grantRootAccess(). Using these APIs grants access to clients. Also, by default, the file system policy is updated to only allow access to clients using IAM authentication and deny access to anonymous clients.

role := iam.NewRole(this, jsii.String("ClientRole"), &iam.RoleProps{
	AssumedBy: iam.NewAnyPrincipal(),
})

fileSystem.GrantRead(role)

You can control this behavior with allowAnonymousAccess. The following example continues to allow anonymous client access.

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

role := iam.NewRole(this, jsii.String("ClientRole"), &iam.RoleProps{
	AssumedBy: iam.NewAnyPrincipal(),
})
fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	AllowAnonymousAccess: jsii.Boolean(true),
})

fileSystem.GrantRead(role)
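
The effect of the file system policy and allowAnonymousAccess settings above can be checked in the synthesized CloudFormation template before deployment. The following Go program is an added example, not part of the AWS CDK README: the template fragment and the names AuditTemplate, wildcardPrincipal and coversMount are constructed for illustration, and Condition blocks are not evaluated, so a statement narrowed by a principal condition is still reported for review.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"sort"
	"strings"
)

// sampleTemplate is a constructed fragment of `cdk synth` output, not a real stack.
const sampleTemplate = `{"Resources": {
  "TeamFs": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": true,
    "FileSystemPolicy": {"Statement": [{"Effect": "Allow",
      "Principal": {"AWS": {"Fn::Join": ["", ["arn:aws:iam::", {"Ref": "AWS::AccountId"}, ":root"]]}},
      "Action": ["elasticfilesystem:ClientWrite", "elasticfilesystem:ClientMount"],
      "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}}]}}},
  "SharedFs": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": true,
    "FileSystemPolicy": {"Statement": [{"Effect": "Allow",
      "Principal": {"AWS": "*"}, "Action": "elasticfilesystem:Client*",
      "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}}]}}},
  "LegacyFs": {"Type": "AWS::EFS::FileSystem", "Properties": {}},
  "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}}
}}`

// asList normalises a policy element that may be a single value or an array.
func asList(v interface{}) []interface{} {
	if v == nil {
		return nil
	}
	if l, ok := v.([]interface{}); ok {
		return l
	}
	return []interface{}{v}
}

// wildcardPrincipal reports whether a Principal element is "*" or {"AWS": "*"},
// which also matches NFS clients that present no IAM identity.
func wildcardPrincipal(p interface{}) bool {
	if m, ok := p.(map[string]interface{}); ok {
		p = m["AWS"]
	}
	for _, v := range asList(p) {
		if s, ok := v.(string); ok && s == "*" {
			return true
		}
	}
	return false
}

// coversMount reports whether an Action element includes
// elasticfilesystem:ClientMount, literally or through a wildcard.
func coversMount(action interface{}) bool {
	for _, v := range asList(action) {
		s, _ := v.(string) // intrinsic functions are not strings and never match
		if ok, _ := path.Match(strings.ToLower(s), "elasticfilesystem:clientmount"); ok {
			return true
		}
	}
	return false
}

// AuditTemplate returns one sorted finding per weak EFS setting in a template.
func AuditTemplate(tpl []byte) ([]string, error) {
	var doc struct {
		Resources map[string]struct {
			Type       string
			Properties map[string]interface{}
		}
	}
	if err := json.Unmarshal(tpl, &doc); err != nil {
		return nil, fmt.Errorf("parse template: %w", err)
	}
	var findings []string
	for id, res := range doc.Resources {
		if res.Type != "AWS::EFS::FileSystem" {
			continue
		}
		// CloudFormation creates an unencrypted file system when Encrypted is absent.
		if enc, _ := res.Properties["Encrypted"].(bool); !enc {
			findings = append(findings, id+": not encrypted at rest")
		}
		// Without a policy, EFS grants full access to any client that can
		// connect to a mount target.
		policy, ok := res.Properties["FileSystemPolicy"].(map[string]interface{})
		if !ok {
			findings = append(findings, id+": no FileSystemPolicy, anonymous clients can mount")
			continue
		}
		for i, raw := range asList(policy["Statement"]) {
			st, _ := raw.(map[string]interface{})
			if st["Effect"] == "Allow" && wildcardPrincipal(st["Principal"]) && coversMount(st["Action"]) {
				findings = append(findings, fmt.Sprintf("%s: statement %d allows ClientMount to any principal", id, i))
			}
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	findings, err := AuditTemplate([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```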

Access Point

An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in its own directory and below. To learn more, see Mounting a File System Using EFS Access Points.

Use the addAccessPoint API to create an access point from a fileSystem.

fileSystem.AddAccessPoint(jsii.String("AccessPoint"), nil)

By default, when you create an access point, the root (/) directory is exposed to the client connecting to the access point. You can specify a custom path with the path property.

If path does not exist, it will be created with the settings defined in the creationInfo. See Creating Access Points for more details.

Any access point that has been created outside the stack can be imported into your CDK app.

Use the fromAccessPointAttributes() API to import an existing access point.

efs.AccessPoint_FromAccessPointAttributes(this, jsii.String("ap"), &efs.AccessPointAttributes{
	AccessPointId: jsii.String("fsap-1293c4d9832fo0912"),
	FileSystem: efs.FileSystem_FromFileSystemAttributes(this, jsii.String("efs"), &efs.FileSystemAttributes{
		FileSystemId: jsii.String("fs-099d3e2f"),
		SecurityGroup: ec2.SecurityGroup_FromSecurityGroupId(this, jsii.String("sg"), jsii.String("sg-51530134"), nil),
	}),
})

⚠️ Notice: When importing an Access Point using fromAccessPointAttributes(), you must make sure the mount targets are deployed and their lifecycle state is available. Otherwise, you may encounter the following error when deploying:

EFS file system referenced by access point has mount targets created in all availability zones the function will execute in, but not all are in the available life cycle state yet. Please wait for them to become available and try the request again.

Connecting

To control who can access the EFS, use the .connections attribute. EFS has a fixed default port, so you don't need to specify the port:

fileSystem.Connections().AllowDefaultPortFrom(instance, nil)

Learn more about managing file system network accessibility

Mounting the file system using User Data

After you create a file system, you can create mount targets. Then you can mount the file system on EC2 instances, containers, and Lambda functions in your virtual private cloud (VPC).

The following example automatically mounts a file system during instance launch.

fileSystem.Connections().AllowDefaultPortFrom(instance, nil)

instance.UserData().AddCommands(
	jsii.String("yum check-update -y"),
	jsii.String("yum upgrade -y"),
	jsii.String("yum install -y amazon-efs-utils"),
	jsii.String("yum install -y nfs-utils"),
	jsii.String("file_system_id_1=" + *fileSystem.FileSystemId()),
	jsii.String("efs_mount_point_1=/mnt/efs/fs1"),
	jsii.String("mkdir -p \"${efs_mount_point_1}\""),
	// use the EFS mount helper when it is installed, otherwise add a plain NFSv4.1 entry
	jsii.String("test -f \"/sbin/mount.efs\" && echo \"${file_system_id_1}:/ ${efs_mount_point_1} efs defaults,_netdev\" >> /etc/fstab || " +
		"echo \"${file_system_id_1}.efs." + *awscdk.Stack_Of(this).Region() + ".amazonaws.com:/ ${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\" >> /etc/fstab"),
	jsii.String("mount -a -t efs,nfs4 defaults"),
)

Learn more about mounting EFS file systems

Deleting

Since file systems are stateful resources, by default the file system will not be deleted when your stack is deleted.

You can configure the file system to be destroyed on stack deletion by setting a removalPolicy:

fileSystem := efs.NewFileSystem(this, jsii.String("EfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	RemovalPolicy: awscdk.RemovalPolicy_DESTROY,
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessPoint_IsConstruct

func AccessPoint_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func AccessPoint_IsOwnedResource added in v2.32.0

func AccessPoint_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func AccessPoint_IsResource

func AccessPoint_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CfnAccessPoint_CFN_RESOURCE_TYPE_NAME

func CfnAccessPoint_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccessPoint_IsCfnElement

func CfnAccessPoint_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccessPoint_IsCfnResource

func CfnAccessPoint_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAccessPoint_IsConstruct

func CfnAccessPoint_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnFileSystem_CFN_RESOURCE_TYPE_NAME

func CfnFileSystem_CFN_RESOURCE_TYPE_NAME() *string

func CfnFileSystem_IsCfnElement

func CfnFileSystem_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnFileSystem_IsCfnResource

func CfnFileSystem_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnFileSystem_IsConstruct

func CfnFileSystem_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnMountTarget_CFN_RESOURCE_TYPE_NAME

func CfnMountTarget_CFN_RESOURCE_TYPE_NAME() *string

func CfnMountTarget_IsCfnElement

func CfnMountTarget_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnMountTarget_IsCfnResource

func CfnMountTarget_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnMountTarget_IsConstruct

func CfnMountTarget_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func FileSystem_DEFAULT_PORT

func FileSystem_DEFAULT_PORT() *float64

func FileSystem_IsConstruct

func FileSystem_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func FileSystem_IsOwnedResource added in v2.32.0

func FileSystem_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func FileSystem_IsResource

func FileSystem_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewAccessPoint_Override

func NewAccessPoint_Override(a AccessPoint, scope constructs.Construct, id *string, props *AccessPointProps)

func NewCfnAccessPoint_Override

func NewCfnAccessPoint_Override(c CfnAccessPoint, scope constructs.Construct, id *string, props *CfnAccessPointProps)

func NewCfnFileSystem_Override

func NewCfnFileSystem_Override(c CfnFileSystem, scope constructs.Construct, id *string, props *CfnFileSystemProps)

func NewCfnMountTarget_Override

func NewCfnMountTarget_Override(c CfnMountTarget, scope constructs.Construct, id *string, props *CfnMountTargetProps)

func NewFileSystem_Override

func NewFileSystem_Override(f FileSystem, scope constructs.Construct, id *string, props *FileSystemProps)

Constructor for creating a new EFS FileSystem.

Types

type AccessPoint

type AccessPoint interface {
	awscdk.Resource
	IAccessPoint
	// The ARN of the Access Point.
	AccessPointArn() *string
	// The ID of the Access Point.
	AccessPointId() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The file system of the access point.
	FileSystem() IFileSystem
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents the AccessPoint.

Example:

efs.AccessPoint_FromAccessPointAttributes(this, jsii.String("ap"), &efs.AccessPointAttributes{
	AccessPointId: jsii.String("fsap-1293c4d9832fo0912"),
	FileSystem: efs.FileSystem_FromFileSystemAttributes(this, jsii.String("efs"), &efs.FileSystemAttributes{
		FileSystemId: jsii.String("fs-099d3e2f"),
		SecurityGroup: ec2.SecurityGroup_FromSecurityGroupId(this, jsii.String("sg"), jsii.String("sg-51530134"), nil),
	}),
})

func NewAccessPoint

func NewAccessPoint(scope constructs.Construct, id *string, props *AccessPointProps) AccessPoint

type AccessPointAttributes

type AccessPointAttributes struct {
	// The ARN of the AccessPoint One of this, or `accessPointId` is required.
	// Default: - determined based on accessPointId.
	//
	AccessPointArn *string `field:"optional" json:"accessPointArn" yaml:"accessPointArn"`
	// The ID of the AccessPoint One of this, or `accessPointArn` is required.
	// Default: - determined based on accessPointArn.
	//
	AccessPointId *string `field:"optional" json:"accessPointId" yaml:"accessPointId"`
	// The EFS file system.
	// Default: - no EFS file system.
	//
	FileSystem IFileSystem `field:"optional" json:"fileSystem" yaml:"fileSystem"`
}

Attributes that can be specified when importing an AccessPoint.

Example:

efs.AccessPoint_FromAccessPointAttributes(this, jsii.String("ap"), &efs.AccessPointAttributes{
	AccessPointId: jsii.String("fsap-1293c4d9832fo0912"),
	FileSystem: efs.FileSystem_FromFileSystemAttributes(this, jsii.String("efs"), &efs.FileSystemAttributes{
		FileSystemId: jsii.String("fs-099d3e2f"),
		SecurityGroup: ec2.SecurityGroup_FromSecurityGroupId(this, jsii.String("sg"), jsii.String("sg-51530134"), nil),
	}),
})

type AccessPointOptions

type AccessPointOptions struct {
	// Specifies the POSIX IDs and permissions to apply when creating the access point's root directory.
	//
	// If the
	// root directory specified by `path` does not exist, EFS creates the root directory and applies the
	// permissions specified here. If the specified `path` does not exist, you must specify `createAcl`.
	// Default: - None. The directory specified by `path` must exist.
	//
	CreateAcl *Acl `field:"optional" json:"createAcl" yaml:"createAcl"`
	// Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system.
	// Default: '/'.
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point.
	//
	// Specify this to enforce a user identity using an access point.
	// See:  - [Enforcing a User Identity Using an Access Point](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html)
	//
	// Default: - user identity not enforced.
	//
	PosixUser *PosixUser `field:"optional" json:"posixUser" yaml:"posixUser"`
}

Options to create an AccessPoint.

Example:

import ec2 "github.com/aws/aws-cdk-go/awscdk/v2/awsec2"
import efs "github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
import lambda "github.com/aws/aws-cdk-go/awscdk/v2/awslambda"

// create a new VPC
vpc := ec2.NewVpc(this, jsii.String("VPC"), nil)

// create a new Amazon EFS filesystem
fileSystem := efs.NewFileSystem(this, jsii.String("Efs"), &efs.FileSystemProps{
	Vpc: vpc,
})

// create a new access point from the filesystem
accessPoint := fileSystem.AddAccessPoint(jsii.String("AccessPoint"), &efs.AccessPointOptions{
	// set /export/lambda as the root of the access point
	Path: jsii.String("/export/lambda"),
	// as /export/lambda does not exist in a new efs filesystem, the efs will create the directory with the following createAcl
	CreateAcl: &efs.Acl{
		OwnerUid: jsii.String("1001"),
		OwnerGid: jsii.String("1001"),
		Permissions: jsii.String("750"),
	},
	// enforce the POSIX identity so lambda function will access with this identity
	PosixUser: &efs.PosixUser{
		Uid: jsii.String("1001"),
		Gid: jsii.String("1001"),
	},
})

fn := lambda.NewFunction(this, jsii.String("MyLambda"), &lambda.FunctionProps{
	// mount the access point to /mnt/msg in the lambda runtime environment
	Filesystem: lambda.FileSystem_FromEfsAccessPoint(accessPoint, jsii.String("/mnt/msg")),
	Runtime: lambda.Runtime_NODEJS_18_X(),
	Handler: jsii.String("index.handler"),
	// directory containing the handler code, relative to the working directory
	Code: lambda.Code_FromAsset(jsii.String("lambda-handler"), nil),
	Vpc: vpc,
})

type AccessPointProps

type AccessPointProps struct {
	// Specifies the POSIX IDs and permissions to apply when creating the access point's root directory.
	//
	// If the
	// root directory specified by `path` does not exist, EFS creates the root directory and applies the
	// permissions specified here. If the specified `path` does not exist, you must specify `createAcl`.
	// Default: - None. The directory specified by `path` must exist.
	//
	CreateAcl *Acl `field:"optional" json:"createAcl" yaml:"createAcl"`
	// Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system.
	// Default: '/'.
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point.
	//
	// Specify this to enforce a user identity using an access point.
	// See:  - [Enforcing a User Identity Using an Access Point](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html)
	//
	// Default: - user identity not enforced.
	//
	PosixUser *PosixUser `field:"optional" json:"posixUser" yaml:"posixUser"`
	// The efs filesystem.
	FileSystem IFileSystem `field:"required" json:"fileSystem" yaml:"fileSystem"`
}

Properties for the AccessPoint.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import efs "github.com/aws/aws-cdk-go/awscdk/v2/awsefs"

var fileSystem efs.FileSystem

accessPointProps := &efs.AccessPointProps{
	FileSystem: fileSystem,

	// the properties below are optional
	CreateAcl: &efs.Acl{
		OwnerGid: jsii.String("ownerGid"),
		OwnerUid: jsii.String("ownerUid"),
		Permissions: jsii.String("permissions"),
	},
	Path: jsii.String("path"),
	PosixUser: &efs.PosixUser{
		Gid: jsii.String("gid"),
		Uid: jsii.String("uid"),

		// the properties below are optional
		SecondaryGids: &[]*string{
			jsii.String("secondaryGids"),
		},
	},
}

type Acl

type Acl struct {
	// Specifies the POSIX group ID to apply to the RootDirectory.
	//
	// Accepts values from 0 to 2^32 (4294967295).
	OwnerGid *string `field:"required" json:"ownerGid" yaml:"ownerGid"`
	// Specifies the POSIX user ID to apply to the RootDirectory.
	//
	// Accepts values from 0 to 2^32 (4294967295).
	OwnerUid *string `field:"required" json:"ownerUid" yaml:"ownerUid"`
	// Specifies the POSIX permissions to apply to the RootDirectory, in the format of an octal number representing the file's mode bits.
	Permissions *string `field:"required" json:"permissions" yaml:"permissions"`
}

Permissions as POSIX ACL.

Example:

import ec2 "github.com/aws/aws-cdk-go/awscdk/v2/awsec2"
import efs "github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
import lambda "github.com/aws/aws-cdk-go/awscdk/v2/awslambda"

// create a new VPC
vpc := ec2.NewVpc(this, jsii.String("VPC"), nil)

// create a new Amazon EFS filesystem
fileSystem := efs.NewFileSystem(this, jsii.String("Efs"), &efs.FileSystemProps{
	Vpc: vpc,
})

// create a new access point from the filesystem
accessPoint := fileSystem.AddAccessPoint(jsii.String("AccessPoint"), &efs.AccessPointOptions{
	// set /export/lambda as the root of the access point
	Path: jsii.String("/export/lambda"),
	// as /export/lambda does not exist in a new efs filesystem, the efs will create the directory with the following createAcl
	CreateAcl: &efs.Acl{
		OwnerUid: jsii.String("1001"),
		OwnerGid: jsii.String("1001"),
		Permissions: jsii.String("750"),
	},
	// enforce the POSIX identity so lambda function will access with this identity
	PosixUser: &efs.PosixUser{
		Uid: jsii.String("1001"),
		Gid: jsii.String("1001"),
	},
})

fn := lambda.NewFunction(this, jsii.String("MyLambda"), &lambda.FunctionProps{
	// mount the access point to /mnt/msg in the lambda runtime environment
	Filesystem: lambda.FileSystem_FromEfsAccessPoint(accessPoint, jsii.String("/mnt/msg")),
	Runtime: lambda.Runtime_NODEJS_18_X(),
	Handler: jsii.String("index.handler"),
	// directory containing the handler code, relative to the working directory
	Code: lambda.Code_FromAsset(jsii.String("lambda-handler"), nil),
	Vpc: vpc,
})

type CfnAccessPoint

type CfnAccessPoint interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// An array of key-value pairs to apply to this resource.
	AccessPointTagsRaw() *[]*CfnAccessPoint_AccessPointTagProperty
	SetAccessPointTagsRaw(val *[]*CfnAccessPoint_AccessPointTagProperty)
	// The ID of the EFS access point.
	AttrAccessPointId() *string
	// The Amazon Resource Name (ARN) of the access point.
	AttrArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The opaque string specified in the request to ensure idempotent creation.
	ClientToken() *string
	SetClientToken(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The ID of the EFS file system that the access point applies to.
	FileSystemId() *string
	SetFileSystemId(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point that is used for all file operations by NFS clients using the access point.
	PosixUser() interface{}
	SetPosixUser(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The directory on the Amazon EFS file system that the access point exposes as the root directory to NFS clients using the access point.
	RootDirectory() interface{}
	SetRootDirectory(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::EFS::AccessPoint` resource creates an EFS access point.

An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in the access point's root directory and below. To learn more, see [Mounting a file system using EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html).

This operation requires permissions for the `elasticfilesystem:CreateAccessPoint` action.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

cfnAccessPoint := awsefs.NewCfnAccessPoint(this, jsii.String("MyCfnAccessPoint"), &awsefs.CfnAccessPointProps{
	FileSystemId: jsii.String("fileSystemId"),

	// the properties below are optional
	AccessPointTags: &[]*awsefs.CfnAccessPoint_AccessPointTagProperty{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	ClientToken: jsii.String("clientToken"),
	// identity applied to every file operation made through the access point
	PosixUser: &awsefs.CfnAccessPoint_PosixUserProperty{
		Gid: jsii.String("gid"),
		Uid: jsii.String("uid"),

		// the properties below are optional
		SecondaryGids: &[]*string{
			jsii.String("secondaryGids"),
		},
	},
	// directory exposed to NFS clients as the root of the file system
	RootDirectory: &awsefs.CfnAccessPoint_RootDirectoryProperty{
		CreationInfo: &awsefs.CfnAccessPoint_CreationInfoProperty{
			OwnerGid: jsii.String("ownerGid"),
			OwnerUid: jsii.String("ownerUid"),
			Permissions: jsii.String("permissions"),
		},
		Path: jsii.String("path"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html

func NewCfnAccessPoint

func NewCfnAccessPoint(scope constructs.Construct, id *string, props *CfnAccessPointProps) CfnAccessPoint

type CfnAccessPointProps

type CfnAccessPointProps struct {
	// The ID of the EFS file system that the access point applies to.
	//
	// Accepts only the ID format for input when specifying a file system, for example `fs-0123456789abcedf2`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html#cfn-efs-accesspoint-filesystemid
	//
	FileSystemId *string `field:"required" json:"fileSystemId" yaml:"fileSystemId"`
	// An array of key-value pairs to apply to this resource.
	//
	// For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html#cfn-efs-accesspoint-accesspointtags
	//
	AccessPointTags *[]*CfnAccessPoint_AccessPointTagProperty `field:"optional" json:"accessPointTags" yaml:"accessPointTags"`
	// The opaque string specified in the request to ensure idempotent creation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html#cfn-efs-accesspoint-clienttoken
	//
	ClientToken *string `field:"optional" json:"clientToken" yaml:"clientToken"`
	// The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point that is used for all file operations by NFS clients using the access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html#cfn-efs-accesspoint-posixuser
	//
	PosixUser interface{} `field:"optional" json:"posixUser" yaml:"posixUser"`
	// The directory on the Amazon EFS file system that the access point exposes as the root directory to NFS clients using the access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html#cfn-efs-accesspoint-rootdirectory
	//
	RootDirectory interface{} `field:"optional" json:"rootDirectory" yaml:"rootDirectory"`
}

Properties for defining a `CfnAccessPoint`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

cfnAccessPointProps := &awsefs.CfnAccessPointProps{
	FileSystemId: jsii.String("fileSystemId"),

	// the properties below are optional
	AccessPointTags: &[]*awsefs.CfnAccessPoint_AccessPointTagProperty{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	ClientToken: jsii.String("clientToken"),
	PosixUser: &awsefs.CfnAccessPoint_PosixUserProperty{
		Gid: jsii.String("gid"),
		Uid: jsii.String("uid"),

		// the properties below are optional
		SecondaryGids: &[]*string{
			jsii.String("secondaryGids"),
		},
	},
	RootDirectory: &awsefs.CfnAccessPoint_RootDirectoryProperty{
		CreationInfo: &awsefs.CfnAccessPoint_CreationInfoProperty{
			OwnerGid: jsii.String("ownerGid"),
			OwnerUid: jsii.String("ownerUid"),
			Permissions: jsii.String("permissions"),
		},
		Path: jsii.String("path"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-accesspoint.html

type CfnAccessPoint_AccessPointTagProperty

type CfnAccessPoint_AccessPointTagProperty struct {
	// The tag key (String).
	//
	// The key can't start with `aws:`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-accesspointtag.html#cfn-efs-accesspoint-accesspointtag-key
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// The value of the tag key.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-accesspointtag.html#cfn-efs-accesspoint-accesspointtag-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

A tag is a key-value pair attached to a file system.

Allowed characters in the `Key` and `Value` properties are letters, white space, and numbers that can be represented in UTF-8, and the following characters: `+ - = . _ : /`

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

accessPointTagProperty := &awsefs.CfnAccessPoint_AccessPointTagProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-accesspointtag.html

type CfnAccessPoint_CreationInfoProperty

type CfnAccessPoint_CreationInfoProperty struct {
	// Specifies the POSIX group ID to apply to the `RootDirectory`.
	//
	// Accepts values from 0 to 2^32 (4294967295).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-creationinfo.html#cfn-efs-accesspoint-creationinfo-ownergid
	//
	OwnerGid *string `field:"required" json:"ownerGid" yaml:"ownerGid"`
	// Specifies the POSIX user ID to apply to the `RootDirectory`.
	//
	// Accepts values from 0 to 2^32 (4294967295).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-creationinfo.html#cfn-efs-accesspoint-creationinfo-owneruid
	//
	OwnerUid *string `field:"required" json:"ownerUid" yaml:"ownerUid"`
	// Specifies the POSIX permissions to apply to the `RootDirectory`, in the format of an octal number representing the file's mode bits.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-creationinfo.html#cfn-efs-accesspoint-creationinfo-permissions
	//
	Permissions *string `field:"required" json:"permissions" yaml:"permissions"`
}

Required if the `RootDirectory` > `Path` specified does not exist.

Specifies the POSIX IDs and permissions to apply to the access point's `RootDirectory` > `Path`. If the access point root directory does not exist, EFS creates it with these settings when a client connects to the access point. When specifying `CreationInfo`, you must include values for all properties.

Amazon EFS creates a root directory only if you have provided the `CreationInfo` values `OwnerUid`, `OwnerGid`, and `Permissions` for the directory. If you do not provide this information, Amazon EFS does not create the root directory. If the root directory does not exist, attempts to mount using the access point will fail.

> If you do not provide `CreationInfo` and the specified `RootDirectory` does not exist, attempts to mount the file system using the access point will fail.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

creationInfoProperty := &awsefs.CfnAccessPoint_CreationInfoProperty{
	OwnerGid: jsii.String("ownerGid"),
	OwnerUid: jsii.String("ownerUid"),
	Permissions: jsii.String("permissions"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-creationinfo.html

type CfnAccessPoint_PosixUserProperty

type CfnAccessPoint_PosixUserProperty struct {
	// The POSIX group ID used for all file system operations using this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-posixuser.html#cfn-efs-accesspoint-posixuser-gid
	//
	Gid *string `field:"required" json:"gid" yaml:"gid"`
	// The POSIX user ID used for all file system operations using this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-posixuser.html#cfn-efs-accesspoint-posixuser-uid
	//
	Uid *string `field:"required" json:"uid" yaml:"uid"`
	// Secondary POSIX group IDs used for all file system operations using this access point.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-posixuser.html#cfn-efs-accesspoint-posixuser-secondarygids
	//
	SecondaryGids *[]*string `field:"optional" json:"secondaryGids" yaml:"secondaryGids"`
}

The full POSIX identity, including the user ID, group ID, and any secondary group IDs, on the access point that is used for all file system operations performed by NFS clients using the access point.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

posixUserProperty := &awsefs.CfnAccessPoint_PosixUserProperty{
	Gid: jsii.String("gid"),
	Uid: jsii.String("uid"),

	// the properties below are optional
	SecondaryGids: &[]*string{
		jsii.String("secondaryGids"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-posixuser.html

type CfnAccessPoint_RootDirectoryProperty

type CfnAccessPoint_RootDirectoryProperty struct {
	// (Optional) Specifies the POSIX IDs and permissions to apply to the access point's `RootDirectory`.
	//
	// If the `RootDirectory` > `Path` specified does not exist, EFS creates the root directory using the `CreationInfo` settings when a client connects to an access point. When specifying the `CreationInfo`, you must provide values for all properties.
	//
	// > If you do not provide `CreationInfo` and the specified `RootDirectory` > `Path` does not exist, attempts to mount the file system using the access point will fail.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-rootdirectory.html#cfn-efs-accesspoint-rootdirectory-creationinfo
	//
	CreationInfo interface{} `field:"optional" json:"creationInfo" yaml:"creationInfo"`
	// Specifies the path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system.
	//
	// A path can have up to four subdirectories. If the specified path does not exist, you are required to provide the `CreationInfo`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-rootdirectory.html#cfn-efs-accesspoint-rootdirectory-path
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
}

Specifies the directory on the Amazon EFS file system that the access point provides access to.

The access point exposes the specified file system path as the root directory of your file system to applications using the access point. NFS clients using the access point can only access data in the access point's `RootDirectory` and its subdirectories.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

rootDirectoryProperty := &awsefs.CfnAccessPoint_RootDirectoryProperty{
	CreationInfo: &awsefs.CfnAccessPoint_CreationInfoProperty{
		OwnerGid: jsii.String("ownerGid"),
		OwnerUid: jsii.String("ownerUid"),
		Permissions: jsii.String("permissions"),
	},
	Path: jsii.String("path"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-accesspoint-rootdirectory.html
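The constraints stated above for `PosixUser`, `CreationInfo` and `RootDirectory` can be checked before synthesis. The following is an added example, not code from the awsefs package or the CDK project: a small linter whose struct types, `LintAccessPoint` and `Finding` are assumed names. Its "error" findings map to constraints in the reference text, while "warn" findings are this example's own hardening policy.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Local stand-ins (names assumed for this example) for the string-typed fields of
// CfnAccessPoint_PosixUserProperty, _CreationInfoProperty and _RootDirectoryProperty.
type PosixUser struct {
	Uid, Gid      string
	SecondaryGids []string
}
type CreationInfo struct{ OwnerUid, OwnerGid, Permissions string }
type RootDirectory struct {
	Path         string
	CreationInfo *CreationInfo
}
type AccessPoint struct {
	PosixUser     *PosixUser
	RootDirectory *RootDirectory
}

// Finding.Severity is "error" for a constraint stated in the reference text and
// "warn" for a hardening policy chosen by this example.
type Finding struct{ Severity, Field, Msg string }

// LintAccessPoint checks access point settings before they reach a template.
func LintAccessPoint(ap AccessPoint) []Finding {
	var out []Finding
	add := func(sev, field, msg string) { out = append(out, Finding{sev, field, msg}) }
	// id accepts only unsigned decimal values that fit in 32 bits.
	id := func(field, v string) (uint64, bool) {
		n, err := strconv.ParseUint(v, 10, 32)
		if err != nil {
			add("error", field, "must be a decimal ID from 0 to 4294967295")
		}
		return n, err == nil
	}
	if pu := ap.PosixUser; pu == nil {
		add("warn", "PosixUser", "no enforced identity; the NFS client's own UID/GID applies")
	} else {
		if uid, ok := id("PosixUser.Uid", pu.Uid); ok && uid == 0 {
			add("warn", "PosixUser.Uid", "every client acts as root under this access point")
		}
		id("PosixUser.Gid", pu.Gid)
		for i, g := range pu.SecondaryGids {
			id(fmt.Sprintf("PosixUser.SecondaryGids[%d]", i), g)
		}
	}
	rd := ap.RootDirectory
	if rd == nil {
		rd = &RootDirectory{} // nothing set: handled like an empty Path
	}
	if rd.Path == "" || rd.Path == "/" {
		add("warn", "RootDirectory.Path", "access point exposes the whole file system")
	} else {
		parts := strings.Split(strings.Trim(rd.Path, "/"), "/")
		if len(parts) > 4 {
			add("error", "RootDirectory.Path", "more than four subdirectories")
		}
		clean := strings.HasPrefix(rd.Path, "/")
		for _, p := range parts {
			clean = clean && p != "" && p != "." && p != ".."
		}
		if !clean {
			add("warn", "RootDirectory.Path", "use an absolute path without empty, '.' or '..' components")
		}
		if rd.CreationInfo == nil {
			add("warn", "RootDirectory.CreationInfo", "mounts fail unless the path already exists")
		}
	}
	if ci := rd.CreationInfo; ci != nil {
		if ci.OwnerUid == "" || ci.OwnerGid == "" || ci.Permissions == "" {
			add("error", "RootDirectory.CreationInfo", "OwnerUid, OwnerGid and Permissions must all be set")
			return out
		}
		id("RootDirectory.CreationInfo.OwnerUid", ci.OwnerUid)
		id("RootDirectory.CreationInfo.OwnerGid", ci.OwnerGid)
		mode, err := strconv.ParseUint(ci.Permissions, 8, 32)
		if err != nil || mode > 0o7777 {
			add("error", "RootDirectory.CreationInfo.Permissions", "must be octal mode bits such as 750")
		} else if mode&0o002 != 0 {
			add("warn", "RootDirectory.CreationInfo.Permissions", "root directory would be world-writable")
		}
	}
	return out
}

func main() {
	// Constructed sample: root identity, out-of-range GID, five-level path, mode 0777.
	risky := AccessPoint{
		PosixUser:     &PosixUser{Uid: "0", Gid: "4294967296"},
		RootDirectory: &RootDirectory{Path: "/a/b/c/d/e", CreationInfo: &CreationInfo{"1001", "1001", "0777"}},
	}
	for _, f := range LintAccessPoint(risky) {
		fmt.Printf("%-5s %-40s %s\n", f.Severity, f.Field, f.Msg)
	}
}
```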

type CfnFileSystem

type CfnFileSystem interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The Amazon Resource Name (ARN) of the EFS file system.
	//
	// Example: `arn:aws:elasticfilesystem:us-west-2:1111333322228888:file-system/fs-0123456789abcdef8`.
	AttrArn() *string
	// The ID of the EFS file system.
	//
	// For example: `fs-abcdef0123456789a`.
	AttrFileSystemId() *string
	// Used to create a file system that uses One Zone storage classes.
	AvailabilityZoneName() *string
	SetAvailabilityZoneName(val *string)
	// Use the `BackupPolicy` to turn automatic backups on or off for the file system.
	BackupPolicy() interface{}
	SetBackupPolicy(val interface{})
	// (Optional) A boolean that specifies whether or not to bypass the `FileSystemPolicy` lockout safety check.
	BypassPolicyLockoutSafetyCheck() interface{}
	SetBypassPolicyLockoutSafetyCheck(val interface{})
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// A Boolean value that, if true, creates an encrypted file system.
	Encrypted() interface{}
	SetEncrypted(val interface{})
	// The `FileSystemPolicy` for the EFS file system.
	FileSystemPolicy() interface{}
	SetFileSystemPolicy(val interface{})
	// Use to create one or more tags associated with the file system.
	FileSystemTagsRaw() *[]*CfnFileSystem_ElasticFileSystemTagProperty
	SetFileSystemTagsRaw(val *[]*CfnFileSystem_ElasticFileSystemTagProperty)
	// The ID of the AWS KMS key to be used to protect the encrypted file system.
	KmsKeyId() *string
	SetKmsKeyId(val *string)
	// An array of `LifecyclePolicy` objects that define the file system's `LifecycleConfiguration` object.
	LifecyclePolicies() interface{}
	SetLifecyclePolicies(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The performance mode of the file system.
	PerformanceMode() *string
	SetPerformanceMode(val *string)
	// The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating.
	ProvisionedThroughputInMibps() *float64
	SetProvisionedThroughputInMibps(val *float64)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Describes the replication configuration for a specific file system.
	ReplicationConfiguration() interface{}
	SetReplicationConfiguration(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Specifies the throughput mode for the file system.
	ThroughputMode() *string
	SetThroughputMode(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::EFS::FileSystem` resource creates a new, empty file system in Amazon Elastic File System (Amazon EFS).

You must create a mount target ([AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html)) to mount your EFS file system on an Amazon EC2 or other AWS cloud compute resource.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

var fileSystemPolicy interface{}

cfnFileSystem := awsefs.NewCfnFileSystem(this, jsii.String("MyCfnFileSystem"), &awsefs.CfnFileSystemProps{
	AvailabilityZoneName: jsii.String("availabilityZoneName"),
	BackupPolicy: &awsefs.CfnFileSystem_BackupPolicyProperty{
		Status: jsii.String("status"),
	},
	BypassPolicyLockoutSafetyCheck: jsii.Boolean(false),
	Encrypted: jsii.Boolean(false),
	FileSystemPolicy: fileSystemPolicy,
	FileSystemTags: &[]*awsefs.CfnFileSystem_ElasticFileSystemTagProperty{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	KmsKeyId: jsii.String("kmsKeyId"),
	LifecyclePolicies: []interface{}{
		&awsefs.CfnFileSystem_LifecyclePolicyProperty{
			TransitionToIa: jsii.String("transitionToIa"),
			TransitionToPrimaryStorageClass: jsii.String("transitionToPrimaryStorageClass"),
		},
	},
	PerformanceMode: jsii.String("performanceMode"),
	ProvisionedThroughputInMibps: jsii.Number(123),
	ReplicationConfiguration: &awsefs.CfnFileSystem_ReplicationConfigurationProperty{
		Destinations: []interface{}{
			&awsefs.CfnFileSystem_ReplicationDestinationProperty{
				AvailabilityZoneName: jsii.String("availabilityZoneName"),
				FileSystemId: jsii.String("fileSystemId"),
				KmsKeyId: jsii.String("kmsKeyId"),
				Region: jsii.String("region"),
			},
		},
	},
	ThroughputMode: jsii.String("throughputMode"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html

func NewCfnFileSystem

func NewCfnFileSystem(scope constructs.Construct, id *string, props *CfnFileSystemProps) CfnFileSystem

type CfnFileSystemProps

type CfnFileSystemProps struct {
	// Used to create a file system that uses One Zone storage classes.
	//
	// It specifies the AWS Availability Zone in which to create the file system. Use the format `us-east-1a` to specify the Availability Zone. For more information about One Zone storage classes, see [Using EFS storage classes](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) in the *Amazon EFS User Guide*.
	//
	// > One Zone storage classes are not available in all Availability Zones in AWS Regions where Amazon EFS is available.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-availabilityzonename
	//
	AvailabilityZoneName *string `field:"optional" json:"availabilityZoneName" yaml:"availabilityZoneName"`
	// Use the `BackupPolicy` to turn automatic backups on or off for the file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-backuppolicy
	//
	BackupPolicy interface{} `field:"optional" json:"backupPolicy" yaml:"backupPolicy"`
	// (Optional) A boolean that specifies whether or not to bypass the `FileSystemPolicy` lockout safety check.
	//
	// The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future `PutFileSystemPolicy` requests on this file system. Set `BypassPolicyLockoutSafetyCheck` to `True` only when you intend to prevent the IAM principal that is making the request from making subsequent `PutFileSystemPolicy` requests on this file system. The default value is `False`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-bypasspolicylockoutsafetycheck
	//
	BypassPolicyLockoutSafetyCheck interface{} `field:"optional" json:"bypassPolicyLockoutSafetyCheck" yaml:"bypassPolicyLockoutSafetyCheck"`
	// A Boolean value that, if true, creates an encrypted file system.
	//
	// When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing AWS KMS key. If you don't specify a KMS key, then the default KMS key for Amazon EFS, `/aws/elasticfilesystem`, is used to protect the encrypted file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-encrypted
	//
	Encrypted interface{} `field:"optional" json:"encrypted" yaml:"encrypted"`
	// The `FileSystemPolicy` for the EFS file system.
	//
	// A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using IAM to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-filesystempolicy
	//
	FileSystemPolicy interface{} `field:"optional" json:"fileSystemPolicy" yaml:"fileSystemPolicy"`
	// Use to create one or more tags associated with the file system.
	//
	// Each tag is a user-defined key-value pair. Name your file system on creation by including a `"Key":"Name","Value":"{value}"` key-value pair. Each key must be unique. For more information, see [Tagging AWS resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-filesystemtags
	//
	FileSystemTags *[]*CfnFileSystem_ElasticFileSystemTagProperty `field:"optional" json:"fileSystemTags" yaml:"fileSystemTags"`
	// The ID of the AWS KMS key to be used to protect the encrypted file system.
	//
	// This parameter is only required if you want to use a nondefault KMS key . If this parameter is not specified, the default KMS key for Amazon EFS is used. This ID can be in one of the following formats:
	//
	// - Key ID - A unique identifier of the key, for example `1234abcd-12ab-34cd-56ef-1234567890ab` .
	// - ARN - An Amazon Resource Name (ARN) for the key, for example `arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` .
	// - Key alias - A previously created display name for a key, for example `alias/projectKey1` .
	// - Key alias ARN - An ARN for a key alias, for example `arn:aws:kms:us-west-2:444455556666:alias/projectKey1` .
	//
	// If `KmsKeyId` is specified, the `Encrypted` parameter must be set to true.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-kmskeyid
	//
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
	// An array of `LifecyclePolicy` objects that define the file system's `LifecycleConfiguration` object.
	//
	// A `LifecycleConfiguration` object informs EFS lifecycle management and intelligent tiering of the following:
	//
	// - When to move files in the file system from primary storage to the IA storage class.
	// - When to move files that are in IA storage to primary storage.
	//
	// > Amazon EFS requires that each `LifecyclePolicy` object have only a single transition. This means that in a request body, `LifecyclePolicies` needs to be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToPrimaryStorageClass` . See the example requests in the following section for more information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-lifecyclepolicies
	//
	LifecyclePolicies interface{} `field:"optional" json:"lifecyclePolicies" yaml:"lifecyclePolicies"`
	// The performance mode of the file system.
	//
	// We recommend `generalPurpose` performance mode for all file systems. File systems using the `maxIO` performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The `maxIO` mode is not supported on file systems using One Zone storage classes.
	//
	// > Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.
	//
	// Default is `generalPurpose` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-performancemode
	//
	PerformanceMode *string `field:"optional" json:"performanceMode" yaml:"performanceMode"`
	// The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating.
	//
	// Required if `ThroughputMode` is set to `provisioned` . Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact AWS Support . For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-provisionedthroughputinmibps
	//
	ProvisionedThroughputInMibps *float64 `field:"optional" json:"provisionedThroughputInMibps" yaml:"provisionedThroughputInMibps"`
	// Describes the replication configuration for a specific file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-replicationconfiguration
	//
	ReplicationConfiguration interface{} `field:"optional" json:"replicationConfiguration" yaml:"replicationConfiguration"`
	// Specifies the throughput mode for the file system.
	//
	// The mode can be `bursting` , `provisioned` , or `elastic` . If you set `ThroughputMode` to `provisioned` , you must also set a value for `ProvisionedThroughputInMibps` . After you create the file system, you can decrease your file system's throughput in Provisioned Throughput mode or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide* .
	//
	// Default is `bursting` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-throughputmode
	//
	ThroughputMode *string `field:"optional" json:"throughputMode" yaml:"throughputMode"`
}

Properties for defining a `CfnFileSystem`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

var fileSystemPolicy interface{}

cfnFileSystemProps := &awsefs.CfnFileSystemProps{
	AvailabilityZoneName: jsii.String("availabilityZoneName"),
	BackupPolicy: &awsefs.CfnFileSystem_BackupPolicyProperty{
		Status: jsii.String("status"),
	},
	BypassPolicyLockoutSafetyCheck: jsii.Bool(false),
	// Encrypted must be true whenever KmsKeyId is specified.
	Encrypted: jsii.Bool(true),
	FileSystemPolicy: fileSystemPolicy,
	FileSystemTags: &[]*awsefs.CfnFileSystem_ElasticFileSystemTagProperty{
		&awsefs.CfnFileSystem_ElasticFileSystemTagProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	KmsKeyId: jsii.String("kmsKeyId"),
	// One LifecyclePolicy object per transition.
	LifecyclePolicies: []interface{}{
		&awsefs.CfnFileSystem_LifecyclePolicyProperty{
			TransitionToIa: jsii.String("transitionToIa"),
		},
		&awsefs.CfnFileSystem_LifecyclePolicyProperty{
			TransitionToPrimaryStorageClass: jsii.String("transitionToPrimaryStorageClass"),
		},
	},
	PerformanceMode: jsii.String("performanceMode"),
	ProvisionedThroughputInMibps: jsii.Number(123),
	ReplicationConfiguration: &awsefs.CfnFileSystem_ReplicationConfigurationProperty{
		Destinations: []interface{}{
			&awsefs.CfnFileSystem_ReplicationDestinationProperty{
				AvailabilityZoneName: jsii.String("availabilityZoneName"),
				FileSystemId: jsii.String("fileSystemId"),
				KmsKeyId: jsii.String("kmsKeyId"),
				Region: jsii.String("region"),
			},
		},
	},
	ThroughputMode: jsii.String("throughputMode"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html
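
The constraints documented on `CfnFileSystemProps` (encryption and `KmsKeyId`, the policy lockout safety check, the backup policy status, one transition per `LifecyclePolicy` object) can be checked on a synthesized CloudFormation template before deployment. The following is an added example using only the Go standard library, not code from this package or the AWS CDK; `LintTemplate`, `Finding`, the rule wording, the choice to flag a missing backup policy, and the sample template are assumptions of the example, and it assumes boolean properties are emitted as JSON booleans.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Finding is one rule violation on one AWS::EFS::FileSystem resource.
type Finding struct{ LogicalID, Rule string }

// fsProps holds the properties checked; KmsKeyId stays raw as it may be a Ref or Fn::GetAtt.
type fsProps struct {
	BackupPolicy                   *struct{ Status string }
	BypassPolicyLockoutSafetyCheck bool
	Encrypted                      bool
	KmsKeyId                       json.RawMessage
	LifecyclePolicies              []map[string]interface{}
}

// lintProps applies the constraints stated in the property documentation.
func lintProps(p fsProps) []string {
	var r []string
	if !p.Encrypted {
		r = append(r, "Encrypted is not true: file system is created unencrypted")
		if len(p.KmsKeyId) > 0 && string(p.KmsKeyId) != "null" {
			r = append(r, "KmsKeyId is set but Encrypted is not true")
		}
	}
	if p.BypassPolicyLockoutSafetyCheck {
		r = append(r, "BypassPolicyLockoutSafetyCheck is true: lockout safety check is skipped")
	}
	if p.BackupPolicy == nil || p.BackupPolicy.Status != "ENABLED" {
		r = append(r, "BackupPolicy.Status is not ENABLED")
	}
	for i, lp := range p.LifecyclePolicies {
		if len(lp) != 1 {
			r = append(r, fmt.Sprintf("LifecyclePolicies[%d] must hold exactly one transition", i))
		}
	}
	return r
}

// LintTemplate checks every AWS::EFS::FileSystem in a CloudFormation JSON
// template and returns the findings ordered by logical ID.
func LintTemplate(doc []byte) ([]Finding, error) {
	var t struct {
		Resources map[string]struct {
			Type       string
			Properties json.RawMessage
		}
	}
	if err := json.Unmarshal(doc, &t); err != nil {
		return nil, fmt.Errorf("parse template: %w", err)
	}
	var out []Finding
	for id, res := range t.Resources {
		if res.Type != "AWS::EFS::FileSystem" {
			continue
		}
		var p fsProps
		if len(res.Properties) > 0 {
			if err := json.Unmarshal(res.Properties, &p); err != nil {
				return nil, fmt.Errorf("%s: %w", id, err)
			}
		}
		for _, rule := range lintProps(p) {
			out = append(out, Finding{id, rule})
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].LogicalID < out[j].LogicalID })
	return out, nil
}

// Constructed sample template: one weak and one hardened file system.
const sampleTemplate = `{"Resources": {
  "WeakFs": {"Type": "AWS::EFS::FileSystem", "Properties": {
    "Encrypted": false, "KmsKeyId": "alias/projectKey1",
    "BypassPolicyLockoutSafetyCheck": true,
    "LifecyclePolicies": [{"TransitionToIA": "AFTER_14_DAYS",
                           "TransitionToPrimaryStorageClass": "AFTER_1_ACCESS"}]}},
  "HardenedFs": {"Type": "AWS::EFS::FileSystem", "Properties": {
    "Encrypted": true, "KmsKeyId": {"Fn::GetAtt": ["Key", "Arn"]},
    "BackupPolicy": {"Status": "ENABLED"},
    "LifecyclePolicies": [{"TransitionToIA": "AFTER_14_DAYS"},
                          {"TransitionToPrimaryStorageClass": "AFTER_1_ACCESS"}]}}
}}`

func main() {
	findings, err := LintTemplate([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f.LogicalID+":", f.Rule)
	}
}
```

Run it against the JSON template in `cdk.out` after `cdk synth`; a non-empty result is a reason to fail the pipeline stage.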

type CfnFileSystem_BackupPolicyProperty

type CfnFileSystem_BackupPolicyProperty struct {
	// Set the backup policy status for the file system.
	//
	// - *`ENABLED`* - Turns automatic backups on for the file system.
	// - *`DISABLED`* - Turns automatic backups off for the file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-backuppolicy.html#cfn-efs-filesystem-backuppolicy-status
	//
	Status *string `field:"required" json:"status" yaml:"status"`
}

The backup policy turns automatic backups for the file system on or off.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

backupPolicyProperty := &awsefs.CfnFileSystem_BackupPolicyProperty{
	Status: jsii.String("status"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-backuppolicy.html

type CfnFileSystem_ElasticFileSystemTagProperty

type CfnFileSystem_ElasticFileSystemTagProperty struct {
	// The tag key (String).
	//
	// The key can't start with `aws:` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-elasticfilesystemtag.html#cfn-efs-filesystem-elasticfilesystemtag-key
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// The value of the tag key.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-elasticfilesystemtag.html#cfn-efs-filesystem-elasticfilesystemtag-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}

A tag is a key-value pair attached to a file system.

Allowed characters in the `Key` and `Value` properties are letters, white space, and numbers that can be represented in UTF-8, and the following characters: `+ - = . _ : /`

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

elasticFileSystemTagProperty := &awsefs.CfnFileSystem_ElasticFileSystemTagProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-elasticfilesystemtag.html

type CfnFileSystem_LifecyclePolicyProperty

type CfnFileSystem_LifecyclePolicyProperty struct {
	// Describes the period of time that a file is not accessed, after which it transitions to IA storage.
	//
	// Metadata operations such as listing the contents of a directory don't count as file access events.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-lifecyclepolicy.html#cfn-efs-filesystem-lifecyclepolicy-transitiontoia
	//
	TransitionToIa *string `field:"optional" json:"transitionToIa" yaml:"transitionToIa"`
	// Describes when to transition a file from IA storage to primary storage.
	//
	// Metadata operations such as listing the contents of a directory don't count as file access events.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-lifecyclepolicy.html#cfn-efs-filesystem-lifecyclepolicy-transitiontoprimarystorageclass
	//
	TransitionToPrimaryStorageClass *string `field:"optional" json:"transitionToPrimaryStorageClass" yaml:"transitionToPrimaryStorageClass"`
}

Describes a policy used by EFS lifecycle management and EFS Intelligent-Tiering that specifies when to transition files into and out of the file system's Infrequent Access (IA) storage class.

For more information, see [EFS Intelligent‐Tiering and EFS Lifecycle Management](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) .

> - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA`, `TransitionToPrimaryStorageClass`.
> - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

// Each LifecyclePolicy object carries a single transition; put
// TransitionToPrimaryStorageClass in a second object.
lifecyclePolicyProperty := &awsefs.CfnFileSystem_LifecyclePolicyProperty{
	TransitionToIa: jsii.String("transitionToIa"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-lifecyclepolicy.html

type CfnFileSystem_ReplicationConfigurationProperty added in v2.97.0

type CfnFileSystem_ReplicationConfigurationProperty struct {
	// An array of destination objects.
	//
	// Only one destination object is supported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationconfiguration.html#cfn-efs-filesystem-replicationconfiguration-destinations
	//
	Destinations interface{} `field:"optional" json:"destinations" yaml:"destinations"`
}

Describes the replication configuration for a specific file system.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

replicationConfigurationProperty := &awsefs.CfnFileSystem_ReplicationConfigurationProperty{
	// Only one destination object is supported.
	Destinations: []interface{}{
		&awsefs.CfnFileSystem_ReplicationDestinationProperty{
			AvailabilityZoneName: jsii.String("availabilityZoneName"),
			FileSystemId: jsii.String("fileSystemId"),
			KmsKeyId: jsii.String("kmsKeyId"),
			Region: jsii.String("region"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationconfiguration.html

type CfnFileSystem_ReplicationDestinationProperty added in v2.97.0

type CfnFileSystem_ReplicationDestinationProperty struct {
	// The AWS Availability Zone in which to create the file system.
	//
	// > For file systems using One Zone storage classes, the replication configuration must specify the Availability Zone in which the destination file system is located.
	//
	// Use the format `us-east-1a` to specify the Availability Zone. For more information about One Zone storage classes, see [Using EFS storage classes](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) in the *Amazon EFS User Guide* .
	//
	// > One Zone storage classes are not available in all Availability Zones in AWS Regions where Amazon EFS is available.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-availabilityzonename
	//
	AvailabilityZoneName *string `field:"optional" json:"availabilityZoneName" yaml:"availabilityZoneName"`
	// The ID of the destination Amazon EFS file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-filesystemid
	//
	FileSystemId *string `field:"optional" json:"fileSystemId" yaml:"fileSystemId"`
	// The ID of an AWS KMS key used to protect the encrypted file system.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-kmskeyid
	//
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
	// The AWS Region in which the destination file system is located.
	//
	// > For file systems using Standard storage classes, the replication configuration must specify the AWS Region in which the destination file system is located.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html#cfn-efs-filesystem-replicationdestination-region
	//
	Region *string `field:"optional" json:"region" yaml:"region"`
}

Describes the destination file system in the replication configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

replicationDestinationProperty := &awsefs.CfnFileSystem_ReplicationDestinationProperty{
	AvailabilityZoneName: jsii.String("availabilityZoneName"),
	FileSystemId: jsii.String("fileSystemId"),
	KmsKeyId: jsii.String("kmsKeyId"),
	Region: jsii.String("region"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-replicationdestination.html

type CfnMountTarget

type CfnMountTarget interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The ID of the Amazon EFS file system that the mount target provides access to.
	//
	// Example: `fs-0123456789111222a`.
	AttrId() *string
	// The IPv4 address of the mount target.
	//
	// Example: 192.0.2.0
	AttrIpAddress() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The ID of the file system for which to create the mount target.
	FileSystemId() *string
	SetFileSystemId(val *string)
	// Valid IPv4 address within the address range of the specified subnet.
	IpAddress() *string
	SetIpAddress(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Up to five VPC security group IDs, of the form `sg-xxxxxxxx` .
	SecurityGroups() *[]*string
	SetSecurityGroups(val *[]*string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The ID of the subnet to add the mount target in.
	SubnetId() *string
	SetSubnetId(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found at the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::EFS::MountTarget` resource is an Amazon EFS resource that creates a mount target for an EFS file system.

You can then mount the file system on Amazon EC2 instances or other resources by using the mount target.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

cfnMountTarget := awsefs.NewCfnMountTarget(this, jsii.String("MyCfnMountTarget"), &awsefs.CfnMountTargetProps{
	FileSystemId: jsii.String("fileSystemId"),
	// Up to five security group IDs, all in the same VPC as the subnet.
	SecurityGroups: &[]*string{
		jsii.String("securityGroups"),
	},
	SubnetId: jsii.String("subnetId"),

	// the properties below are optional
	IpAddress: jsii.String("ipAddress"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html

func NewCfnMountTarget

func NewCfnMountTarget(scope constructs.Construct, id *string, props *CfnMountTargetProps) CfnMountTarget

type CfnMountTargetProps

type CfnMountTargetProps struct {
	// The ID of the file system for which to create the mount target.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html#cfn-efs-mounttarget-filesystemid
	//
	FileSystemId *string `field:"required" json:"fileSystemId" yaml:"fileSystemId"`
	// Up to five VPC security group IDs, of the form `sg-xxxxxxxx` .
	//
	// These must belong to the same VPC as the specified subnet.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html#cfn-efs-mounttarget-securitygroups
	//
	SecurityGroups *[]*string `field:"required" json:"securityGroups" yaml:"securityGroups"`
	// The ID of the subnet to add the mount target in.
	//
	// For file systems that use One Zone storage classes, use the subnet that is associated with the file system's Availability Zone.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html#cfn-efs-mounttarget-subnetid
	//
	SubnetId *string `field:"required" json:"subnetId" yaml:"subnetId"`
	// Valid IPv4 address within the address range of the specified subnet.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html#cfn-efs-mounttarget-ipaddress
	//
	IpAddress *string `field:"optional" json:"ipAddress" yaml:"ipAddress"`
}

Properties for defining a `CfnMountTarget`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
	"github.com/aws/jsii-runtime-go"
)

cfnMountTargetProps := &awsefs.CfnMountTargetProps{
	FileSystemId: jsii.String("fileSystemId"),
	// Up to five security group IDs, all in the same VPC as the subnet.
	SecurityGroups: &[]*string{
		jsii.String("securityGroups"),
	},
	SubnetId: jsii.String("subnetId"),

	// the properties below are optional
	IpAddress: jsii.String("ipAddress"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html

type FileSystem

type FileSystem interface {
	awscdk.Resource
	IFileSystem
	// The security groups/rules used to allow network connections to the file system.
	Connections() awsec2.Connections
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The ARN of the file system.
	FileSystemArn() *string
	// The ID of the file system, assigned by Amazon EFS.
	FileSystemId() *string
	// Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.
	MountTargetsAvailable() constructs.IDependable
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Create an access point from this file system.
	AddAccessPoint(id *string, accessPointOptions *AccessPointOptions) AccessPoint
	// Adds a statement to the resource policy associated with this file system.
	//
	// A resource policy will be automatically created upon the first call to `addToResourcePolicy`.
	//
	// Note that this does not work with imported file systems.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant the actions defined in actions to the given grantee on this File System resource.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant read permissions for this file system to an IAM principal.
	GrantRead(grantee awsiam.IGrantable) awsiam.Grant
	// Grant read and write permissions for this file system to an IAM principal.
	GrantReadWrite(grantee awsiam.IGrantable) awsiam.Grant
	// As root user, grant read and write permissions for this file system to an IAM principal.
	GrantRootAccess(grantee awsiam.IGrantable) awsiam.Grant
	// Returns a string representation of this construct.
	ToString() *string
}

The Elastic File System implementation of IFileSystem.

It creates a new, empty file system in Amazon Elastic File System (Amazon EFS). It also implicitly creates mount targets (AWS::EFS::MountTarget) so that the EFS file system can be mounted on an Amazon Elastic Compute Cloud (Amazon EC2) instance or another resource.

Example:

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

role := iam.NewRole(this, jsii.String("ClientRole"), &iam.RoleProps{
	// trust policy lets any principal assume this role
	AssumedBy: iam.NewAnyPrincipal(),
})
fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	// also admit clients that do not use IAM authentication
	AllowAnonymousAccess: jsii.Boolean(true),
})

fileSystem.GrantRead(role)

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html

func NewFileSystem

func NewFileSystem(scope constructs.Construct, id *string, props *FileSystemProps) FileSystem

Constructor for creating a new EFS FileSystem.

type FileSystemAttributes

type FileSystemAttributes struct {
	// The security group of the file system.
	SecurityGroup awsec2.ISecurityGroup `field:"required" json:"securityGroup" yaml:"securityGroup"`
	// The File System's Arn.
	// Default: - determined based on fileSystemId.
	//
	FileSystemArn *string `field:"optional" json:"fileSystemArn" yaml:"fileSystemArn"`
	// The File System's ID.
	// Default: - determined based on fileSystemArn.
	//
	FileSystemId *string `field:"optional" json:"fileSystemId" yaml:"fileSystemId"`
}

Properties that describe an existing EFS file system.

Example:

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

importedFileSystem := efs.FileSystem_FromFileSystemAttributes(this, jsii.String("existingFS"), &efs.FileSystemAttributes{
	// You can also use FileSystemArn instead of FileSystemId.
	FileSystemId: jsii.String("fs-12345678"),
	SecurityGroup: ec2.SecurityGroup_FromSecurityGroupId(this, jsii.String("SG"), jsii.String("sg-123456789"), &ec2.SecurityGroupImportOptions{
		AllowAllOutbound: jsii.Boolean(false),
	}),
})

type FileSystemProps

type FileSystemProps struct {
	// VPC to launch the file system in.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Allow access from anonymous clients that don't use IAM authentication.
	// Default: false when `grantRead`, `grantWrite` or `grantRootAccess` is used,
	// or when the `@aws-cdk/aws-efs:denyAnonymousAccess` feature flag is set; otherwise true.
	//
	AllowAnonymousAccess *bool `field:"optional" json:"allowAnonymousAccess" yaml:"allowAnonymousAccess"`
	// Whether to enable automatic backups for the file system.
	// Default: false.
	//
	EnableAutomaticBackups *bool `field:"optional" json:"enableAutomaticBackups" yaml:"enableAutomaticBackups"`
	// Defines if the data at rest in the file system is encrypted or not.
	// Default: - If your application has the '@aws-cdk/aws-efs:defaultEncryptionAtRest' feature flag set, the default is true, otherwise, the default is false.
	//
	Encrypted *bool `field:"optional" json:"encrypted" yaml:"encrypted"`
	// The file system's name.
	// Default: - CDK generated name.
	//
	FileSystemName *string `field:"optional" json:"fileSystemName" yaml:"fileSystemName"`
	// File system policy is an IAM resource policy used to control NFS access to an EFS file system.
	// Default: none.
	//
	FileSystemPolicy awsiam.PolicyDocument `field:"optional" json:"fileSystemPolicy" yaml:"fileSystemPolicy"`
	// The KMS key used for encryption.
	//
	// This is required to encrypt the data at rest if.
	// Default: - if 'encrypted' is true, the default key for EFS (/aws/elasticfilesystem) is used.
	//
	KmsKey awskms.IKey `field:"optional" json:"kmsKey" yaml:"kmsKey"`
	// A policy used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.
	// Default: - None. EFS will not transition files to the IA storage class.
	//
	LifecyclePolicy LifecyclePolicy `field:"optional" json:"lifecyclePolicy" yaml:"lifecyclePolicy"`
	// A policy used by EFS lifecycle management to transition files from Infrequent Access (IA) storage class to primary storage class.
	// Default: - None. EFS will not transition files from IA storage to primary storage.
	//
	OutOfInfrequentAccessPolicy OutOfInfrequentAccessPolicy `field:"optional" json:"outOfInfrequentAccessPolicy" yaml:"outOfInfrequentAccessPolicy"`
	// The performance mode that the file system will operate under.
	//
	// An Amazon EFS file system's performance mode can't be changed after the file system has been created.
	// Updating this property will replace the file system.
	// Default: PerformanceMode.GENERAL_PURPOSE
	//
	PerformanceMode PerformanceMode `field:"optional" json:"performanceMode" yaml:"performanceMode"`
	// Provisioned throughput for the file system.
	//
	// This is a required property if the throughput mode is set to PROVISIONED.
	// Must be at least 1MiB/s.
	// Default: - none, errors out.
	//
	ProvisionedThroughputPerSecond awscdk.Size `field:"optional" json:"provisionedThroughputPerSecond" yaml:"provisionedThroughputPerSecond"`
	// The removal policy to apply to the file system.
	// Default: RemovalPolicy.RETAIN
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// Security Group to assign to this file system.
	// Default: - creates new security group which allows all outbound traffic.
	//
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// The throughput mode of the file system.
	// Default: ThroughputMode.BURSTING
	//
	ThroughputMode ThroughputMode `field:"optional" json:"throughputMode" yaml:"throughputMode"`
	// Which subnets to place the mount target in the VPC.
	// Default: - the Vpc default strategy if not specified.
	//
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}

Properties of EFS FileSystem.

Example:

import iam "github.com/aws/aws-cdk-go/awscdk/v2/awsiam"

role := iam.NewRole(this, jsii.String("ClientRole"), &iam.RoleProps{
	// trust policy lets any principal assume this role
	AssumedBy: iam.NewAnyPrincipal(),
})
fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	// also admit clients that do not use IAM authentication
	AllowAnonymousAccess: jsii.Boolean(true),
})

fileSystem.GrantRead(role)
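
The defaults documented in FileSystemProps (Encrypted, FileSystemPolicy and AllowAnonymousAccess, EnableAutomaticBackups) can be checked on the synthesized CloudFormation template before deployment. The following is an added example, not code from the aws-cdk-go project, and uses only the Go standard library. The template is constructed sample data, AuditEFS is a hypothetical helper name, and the FileSystemPolicy test is a presence check that does not evaluate the policy's statements.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed CloudFormation fragment (not real `cdk synth` output).
const sampleTemplate = `{"Resources": {
  "OpenFs": {"Type": "AWS::EFS::FileSystem", "Properties": {"PerformanceMode": "generalPurpose"}},
  "HardenedFs": {"Type": "AWS::EFS::FileSystem", "Properties": {
    "Encrypted": true, "BackupPolicy": {"Status": "ENABLED"},
    "FileSystemPolicy": {"Version": "2012-10-17", "Statement": [{"Sid": "constructed"}]}}},
  "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}}
}}`

// AuditEFS (hypothetical helper) maps the logical ID of every
// AWS::EFS::FileSystem resource to its findings; an empty slice means it passed.
func AuditEFS(tmpl []byte) (map[string][]string, error) {
	var doc struct {
		Resources map[string]struct {
			Type       string
			Properties map[string]interface{}
		}
	}
	if err := json.Unmarshal(tmpl, &doc); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for id, r := range doc.Resources {
		if r.Type != "AWS::EFS::FileSystem" {
			continue
		}
		p, f := r.Properties, []string{}
		// Only a literal true passes; an intrinsic function or "true" string is flagged for review.
		if p["Encrypted"] != true {
			f = append(f, "Encrypted is not literally true")
		}
		// With no resource policy, clients are not required to use IAM authentication.
		if pol, _ := p["FileSystemPolicy"].(map[string]interface{}); len(pol) == 0 {
			f = append(f, "no FileSystemPolicy: IAM authentication not required")
		}
		if bp, _ := p["BackupPolicy"].(map[string]interface{}); bp["Status"] != "ENABLED" {
			f = append(f, "automatic backups not enabled")
		}
		out[id] = f
	}
	return out, nil
}

func main() {
	res, err := AuditEFS([]byte(sampleTemplate))
	fmt.Println(res, err)
}
```
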

type IAccessPoint

type IAccessPoint interface {
	awscdk.IResource
	// The ARN of the AccessPoint.
	AccessPointArn() *string
	// The ID of the AccessPoint.
	AccessPointId() *string
	// The EFS file system.
	FileSystem() IFileSystem
}

Represents an EFS AccessPoint.

func AccessPoint_FromAccessPointAttributes

func AccessPoint_FromAccessPointAttributes(scope constructs.Construct, id *string, attrs *AccessPointAttributes) IAccessPoint

Import an existing Access Point by attributes.

func AccessPoint_FromAccessPointId

func AccessPoint_FromAccessPointId(scope constructs.Construct, id *string, accessPointId *string) IAccessPoint

Import an existing Access Point by id.

type IFileSystem

type IFileSystem interface {
	awsec2.IConnectable
	awsiam.IResourceWithPolicy
	// Grant the actions defined in actions to the given grantee on this File System resource.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant read permissions for this file system to an IAM principal.
	GrantRead(grantee awsiam.IGrantable) awsiam.Grant
	// Grant read and write permissions for this file system to an IAM principal.
	GrantReadWrite(grantee awsiam.IGrantable) awsiam.Grant
	// As root user, grant read and write permissions for this file system to an IAM principal.
	GrantRootAccess(grantee awsiam.IGrantable) awsiam.Grant
	// The ARN of the file system.
	FileSystemArn() *string
	// The ID of the file system, assigned by Amazon EFS.
	FileSystemId() *string
	// Dependable that can be depended upon to ensure the mount targets of the filesystem are ready.
	MountTargetsAvailable() constructs.IDependable
}

Represents an Amazon EFS file system.

func FileSystem_FromFileSystemAttributes

func FileSystem_FromFileSystemAttributes(scope constructs.Construct, id *string, attrs *FileSystemAttributes) IFileSystem

Import an existing File System from the given properties.

type LifecyclePolicy

type LifecyclePolicy string

EFS lifecycle policy: if a file is not accessed for the given number of days, it is moved to EFS Infrequent Access.

Example:

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	LifecyclePolicy: efs.LifecyclePolicy_AFTER_14_DAYS, // files are not transitioned to infrequent access (IA) storage by default
	PerformanceMode: efs.PerformanceMode_GENERAL_PURPOSE, // default
	OutOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy_AFTER_1_ACCESS,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-elasticfilesystem-filesystem-lifecyclepolicies

const (
	// After 1 day of not being accessed.
	LifecyclePolicy_AFTER_1_DAY LifecyclePolicy = "AFTER_1_DAY"
	// After 7 days of not being accessed.
	LifecyclePolicy_AFTER_7_DAYS LifecyclePolicy = "AFTER_7_DAYS"
	// After 14 days of not being accessed.
	LifecyclePolicy_AFTER_14_DAYS LifecyclePolicy = "AFTER_14_DAYS"
	// After 30 days of not being accessed.
	LifecyclePolicy_AFTER_30_DAYS LifecyclePolicy = "AFTER_30_DAYS"
	// After 60 days of not being accessed.
	LifecyclePolicy_AFTER_60_DAYS LifecyclePolicy = "AFTER_60_DAYS"
	// After 90 days of not being accessed.
	LifecyclePolicy_AFTER_90_DAYS LifecyclePolicy = "AFTER_90_DAYS"
)

type OutOfInfrequentAccessPolicy added in v2.4.0

type OutOfInfrequentAccessPolicy string

EFS out-of-Infrequent-Access policy: if a file is accessed the given number of times, it is moved back to the primary storage class.

Example:

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	LifecyclePolicy: efs.LifecyclePolicy_AFTER_14_DAYS, // files are not transitioned to infrequent access (IA) storage by default
	PerformanceMode: efs.PerformanceMode_GENERAL_PURPOSE, // default
	OutOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy_AFTER_1_ACCESS,
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-lifecyclepolicy.html#cfn-efs-filesystem-lifecyclepolicy-transitiontoprimarystorageclass

const (
	// After 1 access.
	OutOfInfrequentAccessPolicy_AFTER_1_ACCESS OutOfInfrequentAccessPolicy = "AFTER_1_ACCESS"
)

type PerformanceMode

type PerformanceMode string

EFS Performance mode.

Example:

fileSystem := efs.NewFileSystem(this, jsii.String("MyEfsFileSystem"), &efs.FileSystemProps{
	Vpc: ec2.NewVpc(this, jsii.String("VPC"), nil),
	LifecyclePolicy: efs.LifecyclePolicy_AFTER_14_DAYS, // files are not transitioned to infrequent access (IA) storage by default
	PerformanceMode: efs.PerformanceMode_GENERAL_PURPOSE, // default
	OutOfInfrequentAccessPolicy: efs.OutOfInfrequentAccessPolicy_AFTER_1_ACCESS,
})

See: https://docs.aws.amazon.com/efs/latest/ug/performance.html#performancemodes

const (
	// General Purpose is ideal for latency-sensitive use cases, like web serving environments, content management systems, home directories, and general file serving.
	//
	// Recommended for the majority of Amazon EFS file systems.
	PerformanceMode_GENERAL_PURPOSE PerformanceMode = "GENERAL_PURPOSE"
	// File systems in the Max I/O mode can scale to higher levels of aggregate throughput and operations per second.
	//
	// This scaling is done with a tradeoff
	// of slightly higher latencies for file metadata operations.
	// Highly parallelized applications and workloads, such as big data analysis,
	// media processing, and genomics analysis, can benefit from this mode.
	PerformanceMode_MAX_IO PerformanceMode = "MAX_IO"
)

type PosixUser

type PosixUser struct {
	// The POSIX group ID used for all file system operations using this access point.
	Gid *string `field:"required" json:"gid" yaml:"gid"`
	// The POSIX user ID used for all file system operations using this access point.
	Uid *string `field:"required" json:"uid" yaml:"uid"`
	// Secondary POSIX group IDs used for all file system operations using this access point.
	// Default: - None.
	//
	SecondaryGids *[]*string `field:"optional" json:"secondaryGids" yaml:"secondaryGids"`
}

Represents the PosixUser.

Example:

import ec2 "github.com/aws/aws-cdk-go/awscdk/v2/awsec2"
import efs "github.com/aws/aws-cdk-go/awscdk/v2/awsefs"
import lambda "github.com/aws/aws-cdk-go/awscdk/v2/awslambda"

// create a new VPC
vpc := ec2.NewVpc(this, jsii.String("VPC"), nil)

// create a new Amazon EFS filesystem
fileSystem := efs.NewFileSystem(this, jsii.String("Efs"), &efs.FileSystemProps{
	Vpc: vpc,
})

// create a new access point from the filesystem
accessPoint := fileSystem.AddAccessPoint(jsii.String("AccessPoint"), &efs.AccessPointOptions{
	// set /export/lambda as the root of the access point
	Path: jsii.String("/export/lambda"),
	// as /export/lambda does not exist in a new efs filesystem, the efs will create the directory with the following createAcl
	CreateAcl: &efs.Acl{
		OwnerUid: jsii.String("1001"),
		OwnerGid: jsii.String("1001"),
		Permissions: jsii.String("750"),
	},
	// enforce the POSIX identity so lambda function will access with this identity
	PosixUser: &efs.PosixUser{
		Uid: jsii.String("1001"),
		Gid: jsii.String("1001"),
	},
})

fn := lambda.NewFunction(this, jsii.String("MyLambda"), &lambda.FunctionProps{
	// mount the access point to /mnt/msg in the lambda runtime environment
	Filesystem: lambda.FileSystem_FromEfsAccessPoint(accessPoint, jsii.String("/mnt/msg")),
	Runtime: lambda.Runtime_NODEJS_18_X(),
	Handler: jsii.String("index.handler"),
	// asset directory, resolved relative to the working directory
	Code: lambda.Code_FromAsset(jsii.String("lambda-handler"), nil),
	Vpc: vpc,
})

type ThroughputMode

type ThroughputMode string

EFS Throughput mode. See: https://docs.aws.amazon.com/efs/latest/ug/performance.html#throughput-modes

const (
	// This mode scales as the size of the file system in the standard storage class grows.
	ThroughputMode_BURSTING ThroughputMode = "BURSTING"
	// This mode can instantly provision the throughput of the file system (in MiB/s) independent of the amount of data stored.
	ThroughputMode_PROVISIONED ThroughputMode = "PROVISIONED"
	// This mode scales the throughput automatically regardless of file system size.
	ThroughputMode_ELASTIC ThroughputMode = "ELASTIC"
)
