Amazon Elastic File System (EFS)

1. Introduction

Amazon EFS is designed to simplify file storage management for modern applications. By providing a managed NFS, EFS enables multiple EC2 instances—often distributed across different availability zones—to share a common file system. This chapter details the technical characteristics of EFS, including its scalability, performance modes, storage classes, lifecycle management, security features, and operational practices. It also highlights the key benefits and limitations of using EFS compared to other storage solutions, such as Amazon EBS.

2. What is EFS?

Amazon EFS is a managed file storage service built on the NFS protocol. It is engineered to be mounted concurrently on many EC2 instances, even if they reside in different availability zones. The core attributes of EFS include:

Managed NFS Service: A fully managed network file system that abstracts infrastructure complexity.
Scalability: Automatically grows as data is added, with no need to provision capacity in advance.
Linux Compatibility: Designed for Linux-based Amazon Machine Images (AMIs), making use of the standard POSIX file API.
High Availability: Multiple mount targets across availability zones ensure that the file system remains accessible even during infrastructure failures.

3. Key Benefits and Limitations

Benefits

High Scalability and Elasticity: EFS scales automatically from gigabytes to petabytes, allowing thousands of concurrent NFS clients.
Managed and Highly Available: The service is managed by AWS, relieving users of operational overhead, and its multi-AZ architecture enhances reliability.
Pay-per-Use Pricing: Users are charged based on the amount of data stored, eliminating the need for upfront capacity planning.
Interoperability: Multiple EC2 instances can mount the same file system simultaneously, making it ideal for distributed applications.

Limitations

Cost: EFS can be relatively expensive compared to other storage options (e.g., about three times the cost of a GP2 EBS volume).
Platform Compatibility: EFS is only compatible with Linux-based systems; Windows environments are not supported.
Performance Trade-offs: While offering high throughput and concurrency, some performance modes may incur higher latency, particularly when configured for maximum throughput.

4. Performance and Throughput

EFS performance is customizable to suit a variety of application workloads. Two key aspects of performance configuration include performance modes and throughput modes.

4.1. Performance Modes (General Purpose, Max I/O)

General Purpose Mode:
- Default Mode: Optimized for low latency and is well-suited for latency-sensitive applications such as web servers and content management systems.
- Use Case: Ideal for applications where the response time is critical, and typical NFS workloads are involved.
Max I/O Mode:
- Optimized for Throughput: Provides higher throughput and supports high levels of parallelism.
- Trade-off: Comes with higher latency compared to General Purpose mode.
- Use Case: Best for big data applications or media processing tasks that require maximum throughput even if they tolerate higher latency.

4.2. Throughput Modes: Bursting, Provisioned, Elastic

Bursting Throughput Mode:
- Dynamic Scaling: Throughput scales automatically with the amount of data stored. For instance, with around one terabyte of storage, a baseline throughput of approximately 50 MB/s can burst to 100 MB/s.
- Ideal For: Workloads with variable throughput requirements.
Provisioned Throughput Mode:
- Decoupled Throughput: Enables users to specify throughput independently of the storage size. This mode can offer, for example, a consistent 1 GB/s for a specific storage amount.
- Ideal For: Applications that require predictable, high throughput regardless of the file system size.
Elastic Throughput Mode:
- Automatic Scaling: Adjusts throughput up or down based on the current workload. This flexibility can provide up to 3 GB/s for read operations and 1 GB/s for write operations.
- Ideal For: Unpredictable workloads where throughput demands vary significantly over time.

5. Storage Classes and Lifecycle Management

5.1. Storage Classes

Feature	EFS Standard	EFS Infrequent Access	EFS Archive
Designed for	Active data requiring fast sub-millisecond latency performance	Inactive data that is accessed a few times each month	Inactive data that is accessed a few times each year or less
First byte read latency	Sub-millisecond	Tens of milliseconds	Tens of milliseconds
Durability (designed for)	99.999999999% (Regional)	99.999999999% (Regional)	99.999999999% (Regional)
Availability SLA	99.9% (Regional), 99.9% (One Zone)	99.9% (Regional), 99.9% (One Zone)	99.9% (Regional), 99.9% (One Zone)
Availability zones	≥3 (Regional), ≥1 (One Zone)	≥3 (Regional), ≥1 (One Zone)	≥3 (Regional), ≥1 (One Zone)
Minimum billing charge per file	Not applicable	128 KiB	128 KiB
Minimum storage duration	Not applicable	30 days	90 days

5.2. Lifecycle Management

EFS Lifecycle Management is a feature of Amazon Elastic File System (EFS) that helps you automatically transition data between storage classes based on how frequently the data is accessed. This helps optimize storage costs by moving less frequently accessed files to lower-cost storage classes.

6. Security and Access Control

6.1. Encryption

Amazon EFS supports two types of encryption:

Encryption at Rest:
- Immutable Setting: When you create an EFS file system, you choose whether to enable encryption at rest. Once set, this configuration cannot be changed later. In other words, you cannot “flip a switch” on an existing file system to make an unencrypted file system encrypted (or vice versa).
- Changing the Encryption State: To change the encryption state, you must create a new file system with the desired configuration (encrypted or unencrypted) and then migrate your data. Tools like AWS DataSync, EFS-to-EFS copy methods, or other migration techniques can be used to perform the data transfer.
Encryption in Transit:
- TLS for Data Transfers: Regardless of the file system’s encryption-at-rest setting, you can secure data in transit by using TLS when mounting your file system. This ensures that data moving between your client and the file system is encrypted.

6.2. EFS Access Points

EFS Access Points are a feature of Amazon Elastic File System that provide application-specific entry points into your file system. They let you:

Set a Custom Root Directory: Define a unique directory for each access point, which isolates the application's view of the file system.
Enforce POSIX User and Group IDs: Specify a default POSIX user and group that is used for all file operations made through the access point.
Simplify Permission Management: Apply custom file and directory permissions, ensuring that each application or container accesses only the intended part of the file system.
Support Multi-Tenant Environments: Facilitate secure, isolated access for multiple applications or users sharing the same file system.

In summary, EFS Access Points simplify and secure file system access by enabling you to customize the access parameters for different workloads, thereby making it easier to manage shared storage in a multi-tenant environment.

6.3. IAM Permissions

Integration with AWS Identity and Access Management (IAM) allows for fine-grained access control to EFS resources. IAM policies can be used to regulate access at the level of EFS access points and mount targets, ensuring that only authorized entities can interact with the file system.

7. Monitoring

Amazon EFS integrates closely with AWS monitoring tools to provide detailed insights into file system performance, usage, and health. Here’s how monitoring works in EFS:

CloudWatch Metrics:
EFS automatically sends key performance and utilization metrics to Amazon CloudWatch. These include metrics like burst credit balance, throughput, IOPS, data read/write operations, and storage bytes, which are available at one-minute resolution. You can use these metrics to monitor performance trends and set up CloudWatch alarms for proactive alerts.
CloudWatch Alarms:
By configuring CloudWatch alarms based on EFS metrics, you can receive notifications if performance thresholds are breached. This helps in quickly addressing any potential issues before they impact your applications.
Integration with CloudTrail:
For security and operational auditing, AWS CloudTrail logs API calls made to EFS. This enables you to track changes and access patterns over time.
Granular Visibility:
The combination of CloudWatch and CloudTrail provides comprehensive visibility into both the operational performance and the security-related activities of your EFS file systems, making it easier to manage and optimize your storage environment.

These monitoring capabilities ensure that you have real-time insights and can react quickly to any performance or security issues in your Amazon EFS deployment.

8. Cross Region Replication

EFS Cross Region Replication is an AWS feature that automatically replicates your Amazon EFS file system data from one AWS region to another. This replication is performed asynchronously, meaning that changes made in the source file system are copied over to the destination region with minimal delay, providing a near-real-time backup.

9. EFS vs. Other AWS Storage Services

Understanding the differences between Amazon EFS and other storage services is key to selecting the right solution for your application needs.

Feature	Amazon EFS (Elastic File System)	Amazon EBS (Elastic Block Store)	Amazon S3 (Simple Storage Service)	Amazon FSx
Storage Type	Managed file storage (NFS-based)	Block storage	Object storage	Managed file storage (Windows File Server or Lustre)
Access Method	NFS protocol	Attached as a disk to an EC2 instance	REST API, SDK, AWS Console	SMB for Windows or specialized protocols for Lustre
Scalability	Automatically scales based on file usage	Manually provisioned volumes; requires resizing	Virtually unlimited; scales automatically	Scales to meet workload requirements
Primary Use Cases	Shared file access for multiple instances, content management, development environments	OS storage, databases, transactional workloads	Data lakes, backups, static website hosting, archival	Enterprise Windows environments or high-performance computing (HPC) with Lustre
Performance Characteristics	Low latency file operations; options for standard or infrequent access tiers	Consistent, low-latency IOPS tailored to the instance	Optimized for high throughput rather than low-latency file operations	High-performance computing or Windows-native workloads
Pricing Model	Based on storage used and access frequency (standard vs IA/Archive tiers)	Based on provisioned capacity, IOPS, and usage	Pay for storage used and data transfer	Based on capacity and performance characteristics

10. Conclusion

Amazon Elastic File System (EFS) is a fully managed, scalable file storage service designed for use with AWS Cloud services and on-premises resources. It offers a simple, elastic, and highly available file system that supports the NFS protocol, making it easy to share data across multiple instances and applications. EFS automatically scales to meet your storage needs, provides low latency file operations, and integrates with AWS monitoring and security tools to ensure data durability and performance.

1. Introduction​

2. What is EFS?​

3. Key Benefits and Limitations​

Benefits​

Limitations​

4. Performance and Throughput​

4.1. Performance Modes (General Purpose, Max I/O)​

4.2. Throughput Modes: Bursting, Provisioned, Elastic​

5. Storage Classes and Lifecycle Management​

5.1. Storage Classes​

5.2. Lifecycle Management​

6. Security and Access Control​

6.1. Encryption​

6.2. EFS Access Points​

6.3. IAM Permissions​

7. Monitoring​

8. Cross Region Replication​

9. EFS vs. Other AWS Storage Services​

10. Conclusion​