
Resource: awsEfsFileSystemPolicy

Provides an Elastic File System (EFS) File System Policy resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    const awsEfsFileSystemFs = new aws.efsFileSystem.EfsFileSystem(this, "fs", {
      creationToken: "my-product",
    });
    /*Allow any AWS principal to mount and write, but only over TLS
    (aws:SecureTransport must be true).*/
    const dataAwsIamPolicyDocumentPolicy =
      new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "policy", {
        statement: [
          {
            actions: [
              "elasticfilesystem:ClientMount",
              "elasticfilesystem:ClientWrite",
            ],
            condition: [
              {
                test: "Bool",
                values: ["true"],
                variable: "aws:SecureTransport",
              },
            ],
            effect: "Allow",
            principals: [
              {
                identifiers: ["*"],
                type: "AWS",
              },
            ],
            resources: [awsEfsFileSystemFs.arn],
            sid: "ExampleStatement01",
          },
        ],
      });
    const awsEfsFileSystemPolicyPolicy =
      new aws.efsFileSystemPolicy.EfsFileSystemPolicy(this, "policy_2", {
        /*Skips the policy lockout safety check described under Argument Reference; the default is false.*/
        bypassPolicyLockoutSafetyCheck: true,
        fileSystemId: awsEfsFileSystemFs.id,
        policy: dataAwsIamPolicyDocumentPolicy.json,
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsEfsFileSystemPolicyPolicy.overrideLogicalId("policy");
  }
}

Argument Reference

The following arguments are supported:

  • fileSystemId - (Required) The ID of the EFS file system.
  • bypassPolicyLockoutSafetyCheck - (Optional) A flag to indicate whether to bypass the awsEfsFileSystemPolicy lockout safety check. The policy lockout safety check determines whether the policy in the request will lock out the principal making the request from making future PutFileSystemPolicy requests on the file system. Set bypassPolicyLockoutSafetyCheck to true only when you intend to prevent the principal that is making the request from making a subsequent PutFileSystemPolicy request on the file system. The default value is false.
  • policy - (Required) The JSON formatted file system policy for the EFS file system. See Docs for more info.
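
As an added example (not part of the generated provider documentation), the following pre-deployment check audits the JSON that would be passed as policy together with the bypassPolicyLockoutSafetyCheck value. The function names, the finding texts and the placeholder ARN are assumptions made for illustration; the check only looks for the pattern used in the example above (an Allow statement carrying the aws:SecureTransport condition) and does not evaluate separate Deny statements.

```typescript
// Added example (not generated cdktf code): audit an EFS file system policy document.
type PolicyStatement = { Sid?: string; Effect?: string; Principal?: unknown;
  Condition?: Record<string, Record<string, unknown>> };

// IAM JSON allows a scalar or a list in most positions; normalise to string[].
function toStrings(v: unknown): string[] {
  if (v === undefined || v === null) return [];
  const items: unknown[] = Array.isArray(v) ? v : [v];
  return items.map((x) => String(x));
}

// True for Principal "*" and for {"AWS": "*"} or {"AWS": ["*", ...]}.
function isWildcardPrincipal(p: unknown): boolean {
  if (typeof p === "string") return p === "*";
  if (p === null || typeof p !== "object") return false;
  const byType = p as Record<string, unknown>;
  return Object.keys(byType).some((t) => toStrings(byType[t]).indexOf("*") !== -1);
}

// True when the statement carries a Bool condition aws:SecureTransport = true.
function requiresTls(s: PolicyStatement): boolean {
  const bool: Record<string, unknown> = (s.Condition && s.Condition["Bool"]) || {};
  return Object.keys(bool).some((k) => {
    const vals = toStrings(bool[k]);
    return k.toLowerCase() === "aws:securetransport" && vals.length > 0 &&
      vals.every((v) => v.toLowerCase() === "true");
  });
}

// Returns one finding per problem; an empty list means both checks passed.
function auditEfsPolicy(policyJson: string, bypassLockoutCheck: boolean): string[] {
  const findings: string[] = [];
  if (bypassLockoutCheck) findings.push("bypassPolicyLockoutSafetyCheck is true; the default is false");
  const raw = (JSON.parse(policyJson) as { Statement?: PolicyStatement | PolicyStatement[] }).Statement;
  const statements: PolicyStatement[] = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  for (const s of statements) {
    if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && !requiresTls(s))
      findings.push(`${s.Sid || "(no Sid)"}: wildcard principal allowed without aws:SecureTransport`);
  }
  return findings;
}

// Constructed sample mirroring the statement in the example above; the ARN is a placeholder.
function samplePolicy(withTls: boolean): string {
  const Condition = withTls ? { Bool: { "aws:SecureTransport": "true" } } : undefined;
  return JSON.stringify({ Version: "2012-10-17", Statement: [{
    Sid: "ExampleStatement01", Effect: "Allow", Principal: { AWS: "*" }, Condition,
    Action: ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
    Resource: "arn:aws:elasticfilesystem:REGION:ACCOUNT_ID:file-system/FS_ID",
  }] });
}
```

Calling auditEfsPolicy(samplePolicy(true), true) reports only the bypass flag, which matches the example above: its statement requires TLS, but it sets bypassPolicyLockoutSafetyCheck to true.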

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID that identifies the file system (e.g., fs-ccfc0d65).

Import

The EFS file system policies can be imported using the id, e.g.,

$ terraform import aws_efs_file_system_policy.foo fs-6fa144c6