Resource: awsEfsFileSystemPolicy
Provides an Elastic File System (EFS) File System Policy resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEfsFileSystemFs = new aws.efsFileSystem.EfsFileSystem(this, "fs", {
creationToken: "my-product",
});
const dataAwsIamPolicyDocumentPolicy =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "policy", {
statement: [
{
actions: [
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
],
condition: [
{
test: "Bool",
values: ["true"],
variable: "aws:SecureTransport",
},
],
effect: "Allow",
principals: [
{
identifiers: ["*"],
type: "AWS",
},
],
resources: [awsEfsFileSystemFs.arn],
sid: "ExampleStatement01",
},
],
});
const awsEfsFileSystemPolicyPolicy =
new aws.efsFileSystemPolicy.EfsFileSystemPolicy(this, "policy_2", {
bypassPolicyLockoutSafetyCheck: true,
fileSystemId: awsEfsFileSystemFs.id,
policy: dataAwsIamPolicyDocumentPolicy.json,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEfsFileSystemPolicyPolicy.overrideLogicalId("policy");
Argument Reference
The following arguments are supported:
fileSystemId
- (Required) The ID of the EFS file system.bypassPolicyLockoutSafetyCheck
- (Optional) A flag to indicate whether to bypass theawsEfsFileSystemPolicy
lockout safety check. The policy lockout safety check determines whether the policy in the request will prevent the principal making the request will be locked out from making futureputFileSystemPolicy
requests on the file system. SetbypassPolicyLockoutSafetyCheck
totrue
only when you intend to prevent the principal that is making the request from making a subsequentputFileSystemPolicy
request on the file system. The default value isfalse
.policy
- (Required) The JSON formatted file system policy for the EFS file system. see Docs for more info.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The ID that identifies the file system (e.g., fs-ccfc0d65).
Import
The EFS file system policies can be imported using the id
, e.g.,