- Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
- File system (vs S3 – object system)
- REGIONAL - Highly available and durable – spread over multi AZ in region
- Can be mounted onto EC2 or on-premises connected into via AWS Direct Connect
- Elastic - Automatically grows and shrinks
- EFS has simple web interface for configuring file systems
- Connections over NFSv4.1 and v4.0; TCP port 2049
- Allow for parallel access to data – multiple systems accessing same data simultaneously vs EBS has only 1 at a time
- However – inbound (multiple) connections from only 1 VPC at a time
- Linux instances only. Once mounted – act like a subfolder. POSIX compliant
- Accessible via dedicated ENI mount target in VPC, one in each AZ
- The mount target provides a DNS for mounting the file system and an underlying IP for NFSv4 endpoint
- The DNS and IP are static – don’t change
- If multiple subnets in VPC – create one mount target in one of the subnets. Other subnets share.
- Recommendation – Mount Target in each AZ
- EC2’s in VPC and ENI both need to have Sec Groups configured
- File system (vs S3 – object system)
- REGIONAL - Highly available and durable – spread over multi AZ in region
- Can be mounted onto EC2 or on-premises connected into via AWS Direct Connect
- Elastic - Automatically grows and shrinks
- EFS has simple web interface for configuring file systems
- Connections over NFSv4.1 and v4.0; TCP port 2049
- Allow for parallel access to data – multiple systems accessing same data simultaneously vs EBS has only 1 at a time
- However – inbound (multiple) connections from only 1 VPC at a time
- Linux instances only. Once mounted – act like a subfolder. POSIX compliant
- Accessible via dedicated ENI mount target in VPC, one in each AZ
- The mount target provides a DNS for mounting the file system and an underlying IP for NFSv4 endpoint
- The DNS and IP are static – don’t change
- If multiple subnets in VPC – create one mount target in one of the subnets. Other subnets share.
- Recommendation – Mount Target in each AZ
- EC2’s in VPC and ENI both need to have Sec Groups configured
- Big Data and analytics – EFS provides scale and performance, read-after-write consistency, low-latency file operations
- Media processing workflows – strong data consistency
- Content management and web serving – durable high throughput file systems for content management
- Home directories – HR etc., many users accessing large file libraries
- Connection - Direct Connect recommended, VPN supported
- To map – better use IP instead of DNS. Double DX connection recommended for resilience.
- Standard – read/write is free, storage chargeable
- Infrequent access – cheaper storage, but pay for i/o
- Can have Lifecycle move date from Standard to Infrequent (for files >128 KB)
- Metadata (filenames, ownership info, directory structure) is always in Standard – even though the actual files can be in Infrequent
- Pay for storage. If DX – pay for connection separately
- Sudo su
- Yum update -y
- Yum install httpd -y
- Systemctl start httpd.service
- Systemctl enable httpd
- Yum install -y amazon-efs-utils
- Mount -t efs -o tls<efs_name>:/ /var/www/html
- Echo”blah” > /var/www/html/index.html
- End user manages only encryption at-rest. In-transit and metadata encryption is managed by AWS
- Can use KMS CMK or select to use a custom key
- Can use EFS-to-EFS backup solution – AWS creates a CloudFormation template and takes care of the rest, follows AWS best practices and availability
- AWS Backup Service – generic backup service to back up AWS data and resources. Advantages:
§ Automate scheduling
§ Set retention policies
§ Monitor recent backup/restore activity
§ Can build a backup plan and assign resources to it
- AWS DataSync – data transfer service. Transfers files and metadata from EFS to EFS OR from existing system into EFS
§ Can transfer across REGIONS and across ACCOUNTS !
- CloudWatch Alarms – watch a metric, generate SNS notification or an EC2 auto-scaling action
- CloudWatch / CloudTrail Logs – monitor/ view logs
- CloudWatch Events – view events and route to a notification service / functions to take actions
No comments:
Post a Comment