Q. What is Amazon Elastic File System?
Amazon Elastic File System (Amazon EFS) is a simple, serverless, set-and-forget elastic file system that makes it easy to set up, scale, and cost-optimize file storage in AWS. With a few clicks in the AWS Management Console, you can create file systems that are accessible to Amazon Elastic Compute Cloud (EC2) instances, Amazon container services (Amazon Elastic Container Service [ECS], Amazon Elastic Kubernetes Service [EKS], and AWS Fargate), and AWS Lambda functions through a file system interface (using standard operating system file I/O APIs). They also support full file system access semantics, such as strong consistency and file locking.
Amazon EFS file systems can automatically scale from gigabytes to petabytes of data without needing to provision storage. Tens, hundreds, or even thousands of compute instances can access an Amazon EFS file system at the same time, and Amazon EFS provides consistent performance to each compute instance. Amazon EFS is designed to be highly durable and highly available. With Amazon EFS, there is no minimum fee or setup costs, and you pay only for what you use.
Q. What use cases does Amazon EFS support?
Amazon EFS is designed to provide performance for a broad spectrum of workloads and applications, including big data and analytics, media processing workflows, content management, web serving, and home directories.
Amazon EFS Standard storage classes are ideal for workloads that require the highest levels of durability and availability.
Amazon EFS One Zone storage classes are ideal for workloads such as development, build, and staging environments, as well as applications such as analytics, simulation, and media transcoding, and for backups or replicas of on-premises data that don’t require multi-AZ resilience.
Q. When should I use Amazon EFS vs. Amazon EBS vs. Amazon S3?
AWS offers cloud storage services to support a wide range of storage workloads.
Amazon EFS is a file storage service for use with Amazon compute (EC2, containers, serverless) and on-premises servers. EFS provides a file system interface, file system access semantics (such as strong consistency and file locking), and concurrently accessible storage for up to thousands of EC2 instances.
Amazon Elastic Block Store (EBS) is a block-level storage service for use with EC2. Amazon EBS can deliver performance for workloads that require the lowest-latency access to data from a single EC2 instance.
Amazon Simple Storage Service (S3) is an object storage service. Amazon S3 makes data available through an internet API that can be accessed anywhere.
Learn more about what to evaluate when considering Amazon EFS.
Q. What Regions is Amazon EFS currently available in?
Please refer to Regional Products and Services for details of Amazon EFS service availability by Region.
Q. How do I get started using Amazon EFS?
To use Amazon EFS, you must have an AWS account. If you don’t already have one, you can sign up for an AWS account and instantly get access to the AWS Free Tier.
Once you have created an AWS account, refer to the Amazon EFS Getting Started guide to begin using EFS. You can create a file system through the AWS Management Console, the AWS Command Line Interface (AWS CLI), and the Amazon EFS API (and various language-specific SDKs).
Q. How do I access a file system from an Amazon EC2 instance?
To access your file system, mount the file system on an Amazon EC2 Linux-based instance using the standard Linux mount command and the file system’s DNS name. To simplify accessing your Amazon EFS file systems, we recommend using the Amazon EFS mount helper utility. Once mounted, you can work with the files and directories in your file system just like you would with a local file system.
EFS uses the Network File System version 4 (NFS v4) protocol. For a step-by-step example of how to access a file system from an EC2 instance, see the guide here.
Q. What Amazon EC2 instance types and AMIs work with Amazon EFS?
Amazon EFS is compatible with all Linux-based AMIs for Amazon EC2. You can mix and match the instance types connected to a single file system. For a step-by-step example of how to access a file system from an EC2 instance, see the instance type guide here.
Q. How do I manage a file system?
Amazon EFS is a fully managed service, so all of the file storage infrastructure is managed for you. When you use Amazon EFS, you avoid the complexity of deploying and maintaining complex file system infrastructure. An Amazon EFS file system grows and shrinks automatically as you add and remove files, so you don’t need to manage storage procurement or provisioning.
You can administer a file system through the AWS Management Console, the AWS CLI, or the Amazon EFS API (and various language-specific SDKs). The console, API, and SDK provide the ability to create and delete file systems, configure how file systems are accessed, create and edit file system tags, enable features such as Provisioned Throughput and Lifecycle Management, and display detailed information about file systems.
Q. How do I load data into a file system?
AWS DataSync provides a fast and simple way to securely sync existing file systems with Amazon EFS. DataSync works over any network connection, including with AWS Direct Connect or AWS VPN. AWS Direct Connect provides a high-bandwidth and lower-latency dedicated network connection, over which you can mount your Amazon EFS file systems. You can use AWS DataSync to copy files between two Amazon EFS file systems, including those in different AWS Regions and those belonging to different AWS accounts. You can also use standard Linux copy tools to move data files to Amazon EFS.
For more information about accessing a file system from an on-premises server, see the On-premises Access section of this FAQ.
For more information about moving data to the Amazon cloud, see the Cloud Data Migration page.
Storage classes and lifecycle management
Q. What storage classes does Amazon EFS offer?
Amazon EFS offers you the choice of creating file systems using Standard or One Zone storage classes. Standard storage classes store data with and across multiple AZs. One Zone storage classes store data redundantly within a single AZ, at a 47% lower price compared to file systems using Standard storage classes, for workloads that don’t require multi-AZ resilience.
EFS offers four storage classes: two Standard storage classes, Amazon EFS Standard and Amazon EFS Standard-Infrequent Access (EFS Standard-IA), and two One Zone storage classes, Amazon EFS One Zone and Amazon EFS One Zone-Infrequent Access (EFS One Zone-IA).
Q. Is the EFS Infrequent Access storage class still available?
The EFS Infrequent Access (EFS IA) storage class has been renamed to EFS Standard-Infrequent Access (EFS Standard-IA). There are no functional differences in the EFS Standard-IA storage class compared to EFS IA. The name was changed to avoid confusion between the Standard and One Zone versions of the Infrequent Access storage classes.
Q. How do I move files to EFS Standard-IA and EFS One Zone-IA?
Moving files to EFS Standard-IA and EFS One Zone-IA starts by enabling Amazon EFS Lifecycle Management and choosing an age-off policy for your files. Lifecycle Management automatically moves your data from the EFS Standard to the EFS Standard-IA storage class or from the EFS One Zone to the EFS One Zone-IA storage class according to the lifecycle policy you choose. For example, you can automatically move files from EFS Standard to EFS Standard-IA if they aren’t accessed after seven days.
Q. What is EFS Intelligent-tiering?
EFS Intelligent-tiering delivers automatic cost savings for workloads with changing access patterns. EFS Intelligent-Tiering uses EFS Lifecycle Management to monitor the access patterns of your workload and is designed to automatically move files that aren’t accessed for the duration of the Lifecycle policy (for example, 30 days) from performance-optimized storage classes (EFS Standard or EFS One Zone) to their corresponding cost-optimized Infrequent Access (IA) storage class (EFS Standard-Infrequent Access or EFS One Zone-Infrequent Access). This helps you take advantage of IA storage pricing that is up to 92% lower than EFS Standard or EFS One Zone storage pricing. If access patterns change and that data is accessed again, Lifecycle Management automatically moves the files back to EFS Standard or EFS One Zone, eliminating the risk of unbounded access charges. If the files become infrequently accessed again, Lifecycle Management transitions the files back to the appropriate IA storage class based on your Lifecycle policy.
Q. When should I use Lifecycle Management to move files to the IA storage classes without a policy to move files back to EFS Standard or EFS One Zone, if accessed?
Use EFS Lifecycle Management to automatically move files to EFS Standard-IA or EFS One Zone-IA if your file system contains files that you’re certain will be accessed infrequently or not at all. Enable Lifecycle Management by choosing a policy to move files to EFS Standard-IA or EFS One Zone-IA, depending on whether your file system uses EFS Standard or EFS One Zone storage classes. Both EFS Standard-IA and EFS One Zone-IA storage classes are ideal if you need your full dataset readily accessible, and you want to automatically save on storage costs as your files are accessed less frequently. Examples include satisfying audits, performing historical analysis, or backup and recovery.
Q. When should I use EFS Intelligent-Tiering?
Use EFS Intelligent-Tiering to automatically move files between performance-optimized and cost-optimized storage classes when data access patterns are unknown. Enable EFS Lifecycle Management by choosing a policy to automatically move files to EFS Standard-IA or EFS One Zone-IA. Additionally, choose a policy to automatically move files back to EFS Standard or EFS One Zone when they’re accessed. With EFS Intelligent-Tiering, you can save on storage costs even if your application access patterns are unknown or access patterns change over time. With these two Lifecycle Management policies set, you pay only for data transition charges between storage classes, and not for repeated data access. Examples of workloads that may have unknown access patterns include web assets and blogs stored by content management systems, logs, machine learning (ML) inference files, and genomic data.
Q. What happens when I disable the policy to move files to the IA storage classes using Amazon EFS Lifecycle Management?
When you disable the policy to move files to the IA storage classes, files will no longer be moved to either EFS Standard-IA or EFS One Zone-IA storage classes (depending on whether your file systems use Standard or One Zone storage classes), and any files that have already moved to an IA storage class will remain there.
Q. What happens when I disable EFS Intelligent-Tiering?
When you disable both Lifecycle Management policies, files will no longer move between the performance-optimized and IA storage classes, and files will remain in the storage classes they resided in when you disabled the lifecycle policies. To disable EFS Intelligent-Tiering, you must disable both the policy that moves files to the EFS Standard-IA or EFS One Zone-IA storage classes, and the policy that moves files to the EFS Standard or EFS One Zone storage class on first access.
Q. What happens if I enable the policy to move files to EFS Standard or EFS One Zone on first access and disable the policy to move files to EFS Standard or EFS One Zone?
Any remaining files in the IA storage classes will move to EFS Standard or EFS One Zone if accessed.
Q. What Amazon EFS features are supported when using EFS Standard-IA and EFS One Zone-IA storage classes?
All Amazon EFS features are supported when using the EFS Standard-IA and EFS One Zone-IA storage classes. Files smaller than 128 KiB are not eligible for Lifecycle Management and will always be stored on either the EFS Standard storage class or the EFS One Zone storage class, depending on whether your file system uses Standard or One Zone storage classes.
Q. What is the latency difference between the performance-optimized storage classes (EFS Standard, EFS One Zone) and the cost-optimized IA storage classes (EFS Standard-IA, EFS One Zone-IA)?
When reading from or writing to the EFS Standard-IA storage class or EFS One Zone-IA storage class, your first-byte latency is higher than that of the EFS Standard or EFS One Zone storage classes. The EFS Standard and EFS One Zone storage classes are designed to provide sub-millisecond read latencies and single-digit millisecond write latencies on average. The EFS Standard-IA and EFS One Zone-IA storage classes are designed to provide double-digit millisecond latencies on average.
Q. What throughput can I drive against files stored in the EFS Standard-IA or EFS One Zone-IA storage class?
The throughput you can drive against an Amazon EFS file system scales linearly with the amount of data stored on the EFS Standard or EFS One Zone storage classes. All Amazon EFS file systems, regardless of size, can burst to 100 MiB/second of throughput. File systems with more than 1 TiB of data stored on EFS Standard or EFS One Zone storage classes can burst to 100 MiB/second per TiB of data stored on EFS Standard or EFS One Zone storage classes. If you require higher amounts of throughput to EFS Standard-IA or EFS One Zone-IA storage classes than your file system allows, use Amazon EFS Provisioned Throughput.
Data protection and availability
Q: How is Amazon EFS designed to provide high durability and availability?
By default, every EFS file system object (such as directory, file, and link) is redundantly stored across multiple AZs for file systems using Standard storage classes. If you select Amazon EFS One Zone storage classes, your data is redundantly stored within a single AZ. Amazon EFS is designed to sustain concurrent device failures by quickly detecting and repairing any lost redundancy. In addition, using Standard storage classes, a file system can be accessed concurrently from all AZs in the Region where it’s located, which means that you can architect your application to failover from one AZ to other AZs in the Region to ensure the highest level of application availability. Mount targets are designed to be highly available within an AZ for all EFS storage classes. For more information on availability, see the Amazon EFS Service Level Agreement.
Q: How durable is Amazon EFS?
Amazon EFS is designed to provide 99.999999999% (11 9’s) of durability over a given year. In addition, EFS Standard and EFS Standard-IA storage classes are designed to sustain data in the event of an entire Availability Zone loss. Because EFS One Zone storage classes store data in a single AWS Availability Zone, data stored in these storage classes may be lost in the event of a disaster or other fault within the Availability Zone that affects all copies of the data, or in the event of Availability Zone destruction. As with any environment, best practice is to have a backup and to put in place safeguards against accidental deletion. For Amazon EFS data, that best practice includes replicating your file system across Regions using Amazon EFS Replication, and a functioning, regularly tested backup using AWS Backup. File systems using EFS One Zone storage classes are configured to automatically back up files by default at file system creation, unless you choose to disable this functionality.
Q: What failure modes do I have to consider when using Amazon EFS One Zone compared to Standard storage classes?
File systems using Amazon EFS One Zone storage classes are not resilient to a complete AZ outage. In the event of an AZ outage, you will experience a loss of availability, because your file system data is not replicated to a different AZ. In the event of disaster or fault within an AZ affecting all copies of your data, or a permanent AZ loss, you may experience loss of data that has not been replicated using Amazon EFS Replication to keep an up-to-date copy of your file system in a second AWS Region or an AZ. EFS Replication is designed to meet a recovery point objective (RPO) and recovery time objective (RTO) of minutes. You can also use AWS Backup to store additional copies of your file system data and restore them to a new file system in an AZ or Region of your choice. Amazon EFS file system backup data created and managed by AWS Backup is replicated to 3 AZs and is designed for 99.999999999% (11 9’s) durability.
Q. How can I guard my EFS One Zone file system against the loss of an AZ?
You can use Amazon EFS Replication or AWS Backup to guard your EFS One Zone file system against the loss of an AZ. Amazon EFS Replication replicates your file system data to another AWS Region or within the same Region in a few clicks, without requiring additional infrastructure or a custom process to monitor and synchronize data changes. EFS replication is continuous and designed to provide a recovery point objective (RPO) and a recovery time objective (RTO) of minutes for most file systems.
Backups are enabled by default for all file systems using Amazon EFS One Zone storage classes. You can disable this setting when creating file systems. You are able to restore your file data from a recent backup to a newly created file system in any operating AZ in the event of an AZ loss. If Amazon EFS is impacted by an AZ loss, and your data is stored in One Zone storage classes, you may experience data loss for files that have changed since the last automatic backup.
Q: What is Amazon EFS Replication?
EFS Replication allows you to replicate your file system data to another AWS Region or within the same Region in a few clicks, without requiring additional infrastructure or a custom process to monitor and synchronize data changes. Amazon EFS Replication automatically and transparently replicates your data to a second file system in a Region or AZ of your choice. You can use the Amazon EFS console, AWS CLI, and APIs to enable replication on an existing file system. EFS Replication is continuous and designed to provide a recovery point objective (RPO) and a recovery time objective (RTO) of minutes, enabling you to meet your compliance and business continuity goals.
Q: Why should I use EFS Replication?
If you have requirements to maintain a copy of your file system hundreds of miles apart for purposes of disaster recovery, compliance, or business continuity planning, EFS Replication can help you meet those requirements. For applications that require a low network latency cross-region access, Amazon EFS Replication provides a read-only copy in the region of your choice. With Amazon EFS Replication, you can cost-optimize and save up to 75% on your disaster recovery storage costs by using low-cost EFS One Zone storage classes and a 7-day age-off lifecycle management policy for your destination file system. There is no need to build and maintain a custom process for data replication. EFS Replication also makes it easy to monitor and alarm on your RPO status using Amazon CloudWatch.
Q: How do I get started with EFS Replication?
Using the Amazon EFS console, simply enable Replication on the file system you want to replicate (source file system) and choose the Region or AZ where you want to store the replica (destination). You can also use the CreateReplicationConfiguration API from the AWS CLI or AWS SDK to enable EFS Replication. As part of configuring EFS Replication, you’ll choose the Region in which to create your replica. If you choose to use EFS One Zone storage classes for your replica, you must also select your file system’s AZ. Once EFS Replication is enabled, Amazon EFS will automatically create a new destination file system in the destination Region or AZ you’ve selected. You can select the destination file system’s lifecycle management policy, backup policies, provisioned throughput, mount targets, and access points independent of the source file system. For example, you can optimize the destination file system storage costs by enabling EFS Lifecycle Management with a shorter age-off policy (such as 7 days) when compared to the source file system’s age-off policy (such as 7, 14, 30, 60, or 90 days). EFS Replication configurations such as the replication pair (source and destination), replication status, and last completed replication timestamp can be accessed using the DescribeReplicationConfigurations API.
Q: How does EFS Replication work?
When you enable EFS Replication on a file system, Amazon EFS automatically creates a new file system in the destination region and begins copying your data into it. Once the initial copy is completed, EFS Replication copies changes incrementally to deliver an RPO of minutes for most file systems. EFS Replication preserves all metadata, such as owners and permissions, when copying changes to files and folders. While EFS Replication is enabled, your destination file system is in read-only mode and can be updated only by EFS Replication. In the event that your source file system is unavailable, you can failover to the destination file system by deleting replication. Deleting the Replication makes the destination file system writeable for your applications to use.
Q: Can I change my destination file system’s settings when EFS Replication is enabled?
Yes. When EFS Replication is enabled, you can modify your destination file system configuration settings, such as its lifecycle management policy including intelligent-tiering, backup policy, mount targets, access points, and provisioned throughput. All destination file systems are created with encryption of data at rest enabled irrespective of the source file system setting. You cannot change the performance mode of the destination file system. It always matches that of the source file system, except when you create a One Zone replica. In that case, General Purpose performance mode is used because Max I/O performance mode is not supported by EFS One Zone storage classes.
Q: Can I change which Region I’m replicating data to?
No. In order to change the Region of your destination, you first have to delete the replication configuration between your source and destination file system. You can then create a new replication configuration from the source by selecting the desired Region. Amazon EFS will create a new destination file system in the selected Region and begin to replicate the source file system's contents.
Q: Can I delete my source or destination file system if they’re part of a replication pair?
You cannot delete either your source or your destination file system if it’s part of a replication pair. In order to delete one of the file systems in the pair, you first need to delete the replication configuration.
Q: Is my replica file system point-in-time consistent?
No. EFS Replication doesn’t provide point-in-time consistent replication. EFS Replication publishes a timestamp metric on Amazon CloudWatch called TimeSinceLastSync. All changes made to your source file system at least as of the published time will be copied over to the destination. Changes to your source file system after the recorded time may not have been replicated over. You can monitor the health of your EFS Replication using Amazon CloudWatch. If you interrupt the replication process due to a disaster recovery event, some files from the source file system may have transferred over but are not yet copied to their final locations on your destination file system. These files and their contents can be found on your destination file system in a lost+found directory created by EFS Replication under the root directory.
Q: Can I select the VPC in which my mount targets are created?
Yes. When you enable EFS Replication for the first time, the replica file system will be automatically created for you. It’s created in the Region of your choosing without mount targets. You can then create mount targets for your replica file system in the VPC of your choosing. You can also change the VPC for your replica file system by deleting any existing mount targets and creating new ones in a VPC of your choosing.
Q: How can I utilize my destination file system while replication is enabled and when replication is deleted?
When your replication is in Enabled state, only EFS Replication is allowed to make changes to your destination file system. You can access your replica in the read-only mode during this time. In the event of a disaster you can fail over to your destination file system by deleting your replication configuration from the Amazon EFS console or by using the DeleteReplicationConfiguration API. When you delete the Replication, Amazon EFS will stop replicating additional changes and make the destination file system writeable. You can then point your application to your destination file system to continue your operations. You can use the Amazon EFS console or the DescribeReplicationConfigurations API call to check your destination file system status after you’ve failed over.
Q: Is the data for my file system replica encrypted in transit and at rest?
For all file systems, Amazon EFS automatically and transparently encrypts all Amazon EFS network traffic using Transport Layer Security (TLS) version 1.2. Your destination file system is created with encryption at rest enabled. You can select an encryption key from those available in the destination Region AWS Key Management Service (KMS) or by using the default service “aws/elasticfilesystem” key in the Region where your destination file system is located.
Q: What permissions do I need to use EFS Replication?
To create and delete a replication, your AWS IAM or resource-based policy must have permission for the Amazon EFS API calls CreateFileSystem, CreateReplicationConfiguration, and DescribeReplicationConfigurations.
Q: Does my replication traffic go over the public internet?
No. EFS Replication traffic always stays on the global AWS backbone.
Q: Can I use EFS Replication to replicate my file system to more than one AWS Region or to multiple file systems within a second Region?
No. EFS Replication supports replication between exactly two file systems.
Q: Can I replicate Amazon EFS file systems across AWS accounts?
No. Amazon EFS does not support replicating file systems to a different AWS account.
Q: Does EFS Replication consume my file system burst credits, IOPS limit, and throughput limits?
No. EFS Replication activity does not consume burst credits or count against the file system IOPS and throughput limits for either file system in a replication pair.
Q: Can I expect my destination file system to be available as soon as I enable EFS Replication?
Yes. When you first enable EFS Replication, your replica file system will be created in read-only mode and your entire source file system will be copied to the destination you selected. The time to complete this operation depends on the size of your source file system. Although you can failover to your destination file system at any time, it is recommended that you wait until the copy is complete to minimize data loss. You can monitor the progress of your replication from the Amazon EFS console, which displays a timestamp that indicates the last time your source file system and destination file system were synchronized.
Scale and performance
Q. How much data can I store?
You can store petabytes of data with Amazon EFS. Amazon EFS file systems are elastic and automatically grow and shrink as you add and remove files, without any need to provision file system size up front - and you pay only for what you use.
Q. How many Amazon EC2 instances can connect to a file system?
Amazon EFS supports one to thousands of Amazon Elastic Compute Cloud (Amazon EC2) instances connecting to a file system concurrently.
Q. How many file systems can I create?
You can create up to one thousand file systems per Region. For information on Amazon EFS limits, visit the Amazon EFS Limits page.
Q. What is the difference between General Purpose performance mode and Max I/O performance mode? Which one should I choose?
General Purpose mode is the recommended performance mode for most file systems. It has the lowest latency and provides the best performance for the majority of applications. Max I/O performance mode scales to higher levels of aggregate throughput and operations per second with the tradeoff of higher latencies. File systems using One Zone storage classes always use the General Purpose performance mode. For more information, see the documentation on File System Performance.
Q. What latency can I expect for my Amazon EFS file system?
The expected latency for your Amazon EFS file system depends on the storage class, the performance mode (General Purpose or Max I/O), and the file system operation type (read or write). The table that follows displays the average expected latency for General Purpose file systems.
EFS One Zone
As low as 600 microseconds
Low single-digit milliseconds
EFS One Zone-IA
As low as 600 microseconds
|Low single-digit milliseconds|
Latency on Max I/O file systems is single-digit to double-digit milliseconds.
Q. How much throughput can a file system support?
Bursting throughput mode, which is the default throughput mode for Amazon EFS file systems, scales the throughput available to a file system as that file system grows. Because file-based workloads are typically spiky - requiring high levels of throughput at certain periods of time and lower levels of throughput otherwise - Amazon EFS is designed to "burst" which allows high throughput levels for periods of time. Also, because many workloads are read-heavy, read operations are metered at a 1:3 ratio to other NFS operations (such as write). All file systems deliver a consistent baseline performance of 50 MB/second per TB of EFS Standard or EFS One Zone storage, while all file systems (regardless of size) can burst to 100 MB/second, and file systems with more than 1 TB of EFS Standard or EFS One Zone storage can burst to 100 MB/second per TB. Since read operations are metered at a 1:3 ratio, you can drive up to 300 MiB/second per TiB of read throughput. As you add data to your file system, the maximum throughput available to the file system scales linearly and automatically with your storage in the Amazon EFS Standard storage class. If you need more throughput than you can achieve with the amount of data you have stored, you can configure Provisioned Throughput to the specific amount your workload requires.
File system throughput is shared across all EC2 instances connected to a file system. For example, a 1 TB file system that can burst to 100 MB/second of throughput can drive 100 MB/second from a single EC2 instance, or 10 EC2 instances can each drive 10 MB/second (100 MB/second collectively). For more information, see the documentation on File System Performance.
Q. What is Provisioned Throughput and when should I use it?
With EFS Provisioned Throughput, you can provision your file systems' throughput independent of the amount of data stored, optimizing your file system throughput performance to match your application’s needs.
Provisioned Throughput is available for applications with a high throughput to storage (MB/second per TB) ratio. For example, if you're using Amazon EFS for development tools, web serving, or content management applications - where the amount of data in your file system is low relative to throughput demands - you can instantly get the high levels of throughput that your applications require.
You can select your file system’s throughput mode via the AWS Management Console, AWS Command Line Interface (CLI), or Amazon EFS API. For more details, see the documentation on Provisioned Throughput.
Q. How does Amazon EFS Provisioned Throughput work?
When you select Provisioned Throughput for your file system, you can provision the throughput of that file system independently from the amount of data stored, paying for the storage and Provisioned Throughput separately—for example, $0.30 per GB-month for Standard storage and $6.00 per MB/second-month for Provisioned Throughput in US-East (N. Virginia). Read operations are metered at a 1:3 ratio, so you can drive up to 3 MiB/second of read throughput for each 1 MiB/second of throughput provisioned.
Provisioned Throughput also includes 50 KB/second per GB (or 1 MB/second per 20 GB) of throughput in the price of Amazon EFS Standard storage. For example, if you store 20 GB for one month on Amazon EFS Standard storage class and configure a throughput of 5 MB/second for that month, you're billed for 20 GB-month of storage and 4 (5 minus 1) MB/second-month of throughput.
Q: How do I monitor my read and write throughput usage?
You can monitor your throughput using Amazon CloudWatch. The TotalIOBytes, ReadIOBytes, WriteIOBytes, and MetadataIOBytes metrics reflect the actual throughput your applications are driving. PermittedThroughput and MeteredIOBytes reflect your metered throughput limit and usage, respectively, after metering read requests at a 1:3 ratio to other requests. With the Amazon EFS console, you can use the Percent Throughput Limit graph to monitor your throughput utilization. If you use custom CloudWatch dashboards or another monitoring tool, you can also create a CloudWatch metric math expression that compares MeteredIOBytes to PermittedThroughput. If these values are equal, you’re consuming your entire amount of throughput and should consider configuring Provisioned Throughput or increasing the amount of throughput configured. For Bursting Throughput mode file systems, monitor the BurstCreditBalance metric and alert on a balance approaching zero to operate your file system at its burst rate rather than its base rate.
Q. How will I be billed in Provisioned Throughput mode?
In Provisioned Throughput mode, you’re billed independently for storage you used and throughput you provisioned. You’re billed hourly in the following dimensions:
- Storage (per GB-month): You’re billed for the amount of storage you use in GB-month.
- Throughput (per MB/second-month): You’re billed for throughput you provision in MB/second-month.
Q. How often can I change my file system's Provisioned Throughput?
In Provisioned Throughput mode, you can increase its provisioned throughput as often as you want. Decrease your file system throughput in Provisioned Throughput mode or change between Provisioned Throughput and the default Bursting Throughput modes as long as it’s been more than 24 hours since the last decrease or throughput mode change.
Q. What is the throughput of my file system if the Provisioned Throughput mode is set to less than the Baseline Throughput I am entitled to in Bursting Throughput mode?
In the default Bursting Throughput mode, the throughput of your file system scales with the amount of data stored. If your file system in the Provisioned Throughput mode grows in size after the initial configuration, your file system could potentially have a higher baseline rate in Bursting Throughput mode than in the Provisioned Throughput mode.
In that case, your file system throughput will be the throughput it’s entitled to in the default Bursting Throughput mode, and you won’t incur any additional charge for the throughput beyond the bursting storage cost. You can also burst according to the Amazon EFS throughput bursting model.
Q. How do I control which Amazon EC2 instances can access my file system?
You control which EC2 instances can access your file system using VPC security group rules and AWS IAM policies. Use VPC security groups to control the network traffic to and from your file system. Attach an IAM policy to your file system to control which clients can mount your file system and with what permissions, and use EFS Access Points to manage application access. Control access to files and directories with POSIX-compliant user and group-level permissions.
Q. How can I use IAM policies to manage file system access?
Using the Amazon EFS console, you can apply common policies to your file system, such as disabling root access, enforcing read-only access, or enforcing that all connections to your file system are encrypted. You can also apply more advanced policies, such as granting access to specific IAM roles, including those in other AWS accounts.
Q. What is an Amazon EFS Access Point?
Amazon EFS Access Points simplify providing applications with access to shared datasets in an Amazon EFS file system. Amazon EFS Access Points work together with AWS IAM and enforce an operating system user and group, and a directory for every file system request made through the access point. You can create multiple access points per file system and use them to provide access to specific applications.
Q. Why should I use Amazon EFS Access Points?
Amazon EFS Access Points represent a flexible way to manage application access in NFS environments with increased scalability, security, and ease of use. Use cases that can benefit from Amazon EFS Access Points include container-based environments where developers build and deploy their own containers, data science applications that require access to production data, and sharing a specific directory in your file system with other AWS accounts.
Q. How do Amazon EFS Access Points work?
When you create an Amazon EFS Access Point, you can configure an operating system user and group, and a root directory for all connections that use it. If you specify the root directory’s owner, EFS will automatically create it with the permissions you provide the first time a client connects to the access point. You can also update your file system’s IAM policy to apply to your access points. For example, you can apply a policy that requires a specific IAM identity in order to connect to a given access point. For more information, see the Amazon EFS user guide.
Q. What is Amazon EFS Encryption?
Amazon EFS offers the ability to encrypt data at rest and in transit.
Data encrypted at rest is transparently encrypted while being written, and transparently decrypted while being read, so you don’t have to modify your applications. Encryption keys are managed by the AWS KMS, eliminating the need to build and maintain a secure key management infrastructure.
Data encryption in transit uses industry-standard Transport Layer Security (TLS) 1.2 to encrypt data sent between your clients and EFS file systems.
Encryption of data at rest and data in transit can be configured together or separately to help meet your unique security requirements.
For more details, see the user documentation on Encryption.
Q. What is the AWS Key Management Service (KMS)?
AWS KMS manages the encryption keys for encrypted data at rest on EFS file systems. KMS is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. KMS is integrated with AWS services, including Amazon EFS, Amazon EBS, and Amazon S3, making it simple to encrypt your data with encryption keys that you manage. AWS KMS is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Q. How do I enable encryption for my Amazon EFS file system?
You can enable encryption at rest in the Amazon EFS console or by using the AWS CLI or SDKs. When creating a new file system in the EFS console, click “Create File System” and click the checkbox to enable encryption.
Data can be encrypted in transit between your Amazon EFS file system and its clients by using the Amazon EFS mount helper.
Encryption of data at rest and data in transit can be configured together or separately to help meet your unique security requirements.
For more details, see the user documentation on Encryption.
Q. Does encryption impact Amazon EFS performance?
Encrypting your data has a minimal effect on I/O latency and throughput.
Q. How do I access an Amazon EFS file system from servers in my on-premises datacenter?
You mount an Amazon EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system using the NFS v4.1 protocol.
For more information about accessing Amazon EFS file systems from on-premises servers, see the documentation.
Q. What can I do by enabling access to my Amazon EFS file systems from my on-premises servers?
You can mount your Amazon EFS file systems on your on-premises servers, and move file data to and from Amazon EFS using standard Linux tools and scripts or AWS DataSync. The ability to move file data to and from Amazon EFS file systems allows for three use cases.
First, you can migrate data from on-premises datacenters to permanently reside in EFS file systems.
Second, you can support cloud bursting workloads to off-load your application processing to the cloud. You can move data from your on-premises servers into your Amazon EFS file systems, analyze it on a cluster of Amazon EC2 instances in your Amazon VPC, and store the results permanently in your Amazon EFS file systems or move the results back to your on-premises servers.
Third, you can periodically copy your on-premises file data to Amazon EFS to support backup and disaster recovery scenarios.
Q. Can I access my Amazon EFS file system concurrently from my on-premises datacenter servers as well as Amazon EC2 instances?
Yes. You can access your Amazon EFS file system concurrently from servers in your on-premises datacenter as well as Amazon EC2 instances in your Amazon VPC. Amazon EFS provides the same file system access semantics, such as strong data consistency and file locking, across all EC2 instances and on-premises servers accessing a file system.
Q. What is the recommended best practice when moving file data to and from on-premises servers?
Because of the propagation delay tied to data traveling over long distances, the network latency of the network connection between your on-premises datacenter and your Amazon VPC can be tens of milliseconds. If your file operations are serialized, the latency of the network connection directly impacts your read and write throughput; in essence, the volume of data you can read or write during a period of time is bounded by the amount of time it takes for each read and write operation to complete. To maximize your throughput, parallelize your file operations so that multiple reads and writes are processed by Amazon EFS concurrently. Standard tools like GNU parallel allow you to parallelize the copying of file data. For more information, see the online documentation.
Q. How do I copy existing data from on-premises file storage to Amazon EFS?
There are a number of methods to copy existing on-premises data into Amazon EFS. AWS DataSync provides a fast and simple way to securely sync existing file systems into EFS and works over any network, including AWS Direct Connect.
AWS Direct Connect provides a high-bandwidth and lower-latency dedicated network connection over which you can mount your EFS file systems. Once mounted, you can use DataSync to copy data into EFS up to 10 times faster than standard Linux copy tools.
For more information on AWS DataSync, see the Data transfer section of this FAQ.
Q. What AWS-native options do I have to transfer data into my file system?
AWS DataSync is an online data transfer service that makes it faster and simpler to move data between on-premises storage and Amazon EFS. DataSync uses a purpose-built protocol to accelerate and secure transfer over the internet or AWS Direct Connect, at speeds up to 10 times faster than open-source tools. Using DataSync, you can perform one-time data migrations, transfer on-premises data for timely in-cloud analysis, and automate replication to AWS for data protection and recovery.
AWS Transfer Family is a fully managed file transfer service that provides support for Secure File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File Transfer Protocol (FTP). The AWS Transfer Family provides you with a fully managed, highly available file transfer service with auto scaling capabilities, eliminating the need for you to manage file transfer–related infrastructure. Your end users’ workflows remain unchanged, while data uploaded and downloaded over the chosen protocols is stored in your Amazon EFS file system.
Q. How do I transfer data into or out of my Amazon EFS file system?
To get started with AWS DataSync, you can use the AWS Management Console or AWS CLI to connect the agent to your on-premises or in-cloud file systems using the Network File System (NFS) protocol, select your Amazon EFS file system, and start copying data. You must first deploy a software agent that is available for download from the console, except when copying files between two Amazon EFS file systems.
To get started with AWS Transfer Family, first ensure that your file system’s directories are accessible by the POSIX users that you plan to assign to AWS Transfer. Then you can use the console, CLI, or API to create a Transfer Family endpoint and user(s). Once complete, your end users can use their SFTP, FTP, or FTPS clients to access data stored in your Amazon EFS file system.
Q. Can Amazon EFS data be transferred between Regions?
You can use AWS DataSync to transfer files between two Amazon EFS file systems, including ones in different AWS Regions. AWS Transfer Family endpoints must be in the same Region as your Amazon EFS file system.
Q. Can I access my file system with another AWS account?
Yes. You can use AWS DataSync to copy files to an Amazon EFS file system in another AWS account.
You can also configure your Amazon EFS file system to be accessed by AWS Transfer Family using another account as long as the account has been granted permissions to do so. To learn more about granting Transfer Family permissions to external AWS accounts via file system policies, see the documentation.
Q. What interoperability and compatibility is there between existing AWS services and Amazon EFS?
Amazon EFS is integrated with a number of other AWS services, including Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS IAM, and AWS Tagging services.
CloudWatch allows you to monitor file system activity using metrics. CloudFormation allows you to create and manage file systems using templates.
CloudTrail allows you to record all Amazon EFS API calls in log files.
IAM allows you to control who can administer your file system. AWS Tagging services allows you to label your file systems with metadata that you define.
You can plan and manage your Amazon EFS file system costs by using AWS Budgets. You can work with AWS Budgets from the AWS Billing and Cost Management console. To use AWS Budgets, you create a monthly cost budget for your Amazon EFS file systems.
Q. What type of locking does Amazon EFS support?
Locking in Amazon EFS follows the NFS v4.1 protocol for advisory locking and allows your applications to use both whole file and byte range locks.
Q. Are file system names global (like Amazon S3 bucket names)?
Every file system has an automatically generated ID number that is globally unique. You can tag your file system with a name, and these names don’t need to be unique.
Pricing and billing
Q. How much does Amazon EFS cost?
With Amazon EFS, you pay only for what you use per month.
When using the Provisioned Throughput mode, you pay for the throughput you provision per month. There is no minimum fee and no setup charges.
Amazon EFS infrequent access storage is priced based on the amount of storage used and the amount of data accessed. Until Lifecycle Management fully moves your file to an EFS infrequent access storage class (EFS Standard-IA or EFS One Zone-IA), it’s stored on EFS Standard or EFS One Zone and billed at the Standard or One Zone rate, as applicable.
For more EFS pricing information, visit the Amazon EFS Pricing page.
Q. Do your prices include taxes?
Except as otherwise noted, our prices are exclusive of applicable taxes and duties, including VAT and applicable sales tax. For customers with a Japanese billing address, use of AWS services is subject to Japanese Consumption Tax. Learn more.
Access from AWS services
Q. Can I access Amazon EFS from Amazon EC2 instances?
Yes. You can access Amazon EFS from tens of thousands of EC2 instances launched using any supported launch method. When you use the EC2 launch instance wizard, you can create new Amazon EFS file systems, and add existing file systems to the instance you’re launching. All the file systems you added to the instance are automatically mounted on the instance when it’s launched. Learn more about using Amazon EFS with EC2 instances in the Amazon EC2 documentation.
Q. Can I access Amazon EFS from Amazon ECS containers?
Yes. You can access Amazon EFS from containerized applications launched by Amazon ECS using both Amazon EC2 and AWS Fargate launch types by referencing an EFS file system in your task definition. Find instructions for getting started in the ECS documentation.
Q. Can I access Amazon EFS from Amazon Elastic Kubernetes Service (EKS) pods?
Yes. You can access Amazon EFS from containerized applications launched by Amazon EKS, with either Amazon EC2 or AWS Fargate launch types, using the Amazon EFS CSI driver. Find instructions for getting started in the EKS documentation.
Q. Can I access Amazon EFS from AWS Lambda functions?
Yes. You can access Amazon EFS from functions running in AWS Lambda by referencing an Amazon EFS file system in your function settings. Find instructions for getting started in the AWS Lambda documentation.
Q. Can I access Amazon EFS from Amazon SageMaker?
Yes. You can access training data in Amazon EFS from Amazon SageMaker training jobs by referencing an Amazon EFS file system in your CreateTrainingJob request. EFS is also automatically used for home directories created by Amazon SageMaker Studio.