Creates an AWS EFS file system and attaches a custom IAM resource policy (an EFS file system policy) that allows mount and write operations only when the client connects over secure transport (TLS).

Terraform Template

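# Builds the JSON document used as the EFS file system policy (a resource-based
# policy attached to the file system by aws_efs_file_system_policy.policy).
data "aws_iam_policy_document" "policy" {
  statement {
    sid    = "ExampleStatement01"
    effect = "Allow"

    # The wildcard must be a quoted string; a bare * is not valid HCL.
    # NOTE(review): "*" matches every principal, so this statement does not
    # restrict WHO may mount and write, only HOW they connect. For anything
    # beyond a demo, list the specific role ARNs that need access here.
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    actions = [
      "elasticfilesystem:ClientMount",
      "elasticfilesystem:ClientWrite",
    ]

    # Scope the grant to the single file system created in this template.
    resources = [aws_efs_file_system.fs.arn]

    # The Allow applies only to requests made over TLS. This is a conditional
    # grant, not a prohibition: if non-TLS access must be refused regardless of
    # any other grant, add a separate Deny statement conditioned on
    # aws:SecureTransport = "false".
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["true"]
    }
  }
}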

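# The EFS file system that the policy in this template is attached to.
resource "aws_efs_file_system" "fs" {
  # Idempotency token for creation of this file system.
  creation_token = "my-product"

  # Encrypt data at rest. The policy in this template only covers data in
  # transit, and EFS encryption at rest can only be chosen when the file system
  # is created. Set kms_key_id as well to use a customer-managed KMS key
  # instead of the AWS-managed key for EFS.
  encrypted = true
}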

# Attaches the rendered policy document to the file system as its
# resource-based file system policy.
resource "aws_efs_file_system_policy" "policy" {
  # JSON produced by the aws_iam_policy_document data source in this template.
  policy = data.aws_iam_policy_document.policy.json

  # Target file system; the policy replaces that file system's default policy.
  file_system_id = aws_efs_file_system.fs.id
}