AWS EFS Terraform module
Upstream version 2.2.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/efs/aws33 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | |||
access_points | map({...}) | {} | A map of access point definitions to create |
attach_policy | bool | true | Determines whether a policy is attached to the file system |
availability_zone_name | string | null | The AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes |
bypass_policy_lockout_safety_check | bool | null | A flag to indicate whether to bypass the `aws_efs_file_system_policy` lockout safety check. Defaults to `false` |
create | bool | true | Determines whether resources will be created (affects all resources) |
create_backup_policy | bool | true | Determines whether a backup policy is created |
create_replication_configuration | bool | false | Determines whether a replication configuration is created |
create_security_group | bool | true | Determines whether a security group is created |
creation_token | string | null | A unique name (a maximum of 64 characters are allowed) used as reference when creating the Elastic File System to ensure idempotent file system creation. By default generated by Terraform |
deny_nonsecure_transport | bool | true | Determines whether `aws:SecureTransport` is required when connecting to elastic file system |
deny_nonsecure_transport_via_mount_target | bool | true | Determines whether to use the common policy option for denying nonsecure transport which allows all AWS principals when accessed via EFS mounted target |
enable_backup_policy | bool | true | Determines whether a backup policy is `ENABLED` or `DISABLED` |
encrypted | bool | true | If `true`, the disk will be encrypted |
kms_key_arn | string | null | The ARN for the KMS encryption key. When specifying `kms_key_arn`, encrypted needs to be set to `true` |
lifecycle_policy | object({...}) | {} | A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object |
mount_targets | map({...}) | {} | A map of mount target definitions to create |
name | string | "" | The name of the file system |
override_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` |
performance_mode | string | null | The file system performance mode. Can be either `generalPurpose` or `maxIO`. Default is `generalPurpose` |
policy_statements | map({...}) | null | A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage |
protection | object({...}) | null | A map of file protection configurations |
provisioned_throughput_in_mibps | number | null | The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned` |
region | string | null | Region where this resource will be managed. Defaults to the Region set in the provider configuration |
replication_configuration_destination | object({...}) | null | A destination configuration block |
security_group_description | string | null | Security group description. Defaults to Managed by Terraform |
security_group_egress_rules | map({...}) | {} | Map of security group egress rules to add to the security group created |
security_group_ingress_rules | map({...}) | {} | Map of security group ingress rules to add to the security group created |
security_group_name | string | null | Name to assign to the security group. If omitted, Terraform will assign a random, unique name |
security_group_use_name_prefix | bool | false | Determines whether to use a name prefix for the security group. If `true`, the `security_group_name` value will be used as a prefix |
security_group_vpc_id | string | null | The VPC ID where the security group will be created |
source_policy_documents | list(string) | [] | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s |
tags | map(string) | {} | A map of tags to add to all resources |
throughput_mode | string | null | Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `elastic`, and `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps` |