---
# CloudFormation template: one EFS file system plus a mount target in each of
# three caller-supplied subnets.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Creates an EFS file system with mount targets'

# All inputs are typed as AWS-specific parameter types (VPC / subnet IDs)
# rather than free-form strings.
Parameters:
  # VPC that both security groups are created in.
  VpcId:
    Type: 'AWS::EC2::VPC::Id'
    Description: 'VPC in which to create stack'

  # One subnet per mount target; each must sit in a different AZ.
  SubnetIdA:
    Type: 'AWS::EC2::Subnet::Id'
    Description: 'Subnet in which to create mount target (must be in distinct AZ from other subnets supplied)'
  SubnetIdB:
    Type: 'AWS::EC2::Subnet::Id'
    Description: 'Subnet in which to create mount target (must be in distinct AZ from other subnets supplied)'
  SubnetIdC:
    Type: 'AWS::EC2::Subnet::Id'
    Description: 'Subnet in which to create mount target (must be in distinct AZ from other subnets supplied)'
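Resources:
  # The shared NFS file system; tagged with the stack name for identification.
  FileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      # Encrypt data at rest. No KmsKeyId is given, so the default AWS-managed
      # KMS key for EFS is used.
      # NOTE(review): Encrypted cannot be changed in place. Adding it to a
      # stack that already exists replaces the file system, so migrate or
      # back up the data before updating such a stack.
      Encrypted: true
      FileSystemTags:
        - Key: Name
          Value: !Ref 'AWS::StackName'

  # Attached to every mount target. The only ingress rule admits NFS
  # (TCP 2049) from members of FileSystemAccessSecurityGroup; there is no
  # CIDR-based rule, so network reachability alone does not grant access.
  # No SecurityGroupEgress is declared, so EC2's default allow-all egress rule
  # applies to this group.
  # NOTE(review): encryption in transit is not enforced by this template (no
  # file system policy is defined); it depends on how clients mount.
  MountTargetSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref 'VpcId'
      GroupDescription: Security group for mount target
      SecurityGroupIngress:
        - IpProtocol: tcp
          # Ports are integers in the CloudFormation schema.
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref 'FileSystemAccessSecurityGroup'

  # Carries no ingress rules of its own; it exists to be referenced as the
  # source in the mount-target rule above and is exported in Outputs.
  # Anything this group is attached to can reach the mount targets on 2049 -
  # presumably NFS clients; treat membership as the access-control decision.
  FileSystemAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref 'VpcId'
      GroupDescription: Security group for EFS access

  # One mount target per supplied subnet, all sharing the same security group.
  MountTargetA:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref 'FileSystem'
      SubnetId: !Ref 'SubnetIdA'
      SecurityGroups:
        - !Ref 'MountTargetSecurityGroup'
  MountTargetB:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref 'FileSystem'
      SubnetId: !Ref 'SubnetIdB'
      SecurityGroups:
        - !Ref 'MountTargetSecurityGroup'
  MountTargetC:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref 'FileSystem'
      SubnetId: !Ref 'SubnetIdC'
      SecurityGroups:
        - !Ref 'MountTargetSecurityGroup'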
# Every output is also exported under "<stack name>-<suffix>" so that other
# stacks can import it.
Outputs:
  # Echo of the VPC parameter.
  VpcId:
    Description: 'VPC ID'
    Value: !Ref VpcId
    Export:
      Name: !Sub '${AWS::StackName}-VpcId'

  FileSystemId:
    Description: 'ID of the filesystem created'
    Value: !Ref FileSystem
    Export:
      Name: !Sub '${AWS::StackName}-FileSystemId'

  # Group ID of the security group whose members are admitted by the
  # mount-target ingress rule. Any stack that imports this export and attaches
  # the group to a resource gives that resource NFS access.
  FSAccessSecurityGroup:
    Description: 'The ID of the Security group which is allowed to access the file system'
    Value: !GetAtt FileSystemAccessSecurityGroup.GroupId
    Export:
      Name: !Sub '${AWS::StackName}-FSAccessSecurityGroupID'

  # Echoes of the three subnet parameters, one per mount target.
  SubnetIdA:
    Description: 'Subnet in which mount target A was created'
    Value: !Ref SubnetIdA
    Export:
      Name: !Sub '${AWS::StackName}-SubnetIdA'
  SubnetIdB:
    Description: 'Subnet in which mount target B was created'
    Value: !Ref SubnetIdB
    Export:
      Name: !Sub '${AWS::StackName}-SubnetIdB'
  SubnetIdC:
    Description: 'Subnet in which mount target C was created'
    Value: !Ref SubnetIdC
    Export:
      Name: !Sub '${AWS::StackName}-SubnetIdC'