Amazon EFS Features

Overview

Amazon Elastic File System (EFS) is designed to provide serverless, fully elastic file storage that lets you share file data without provisioning or managing storage capacity and performance. It can be used with AWS services and on-premises resources, and it's built to scale to petabytes on demand without disrupting applications.

Amazon EFS is well suited to support a broad spectrum of use cases from home directories to business-critical applications. Use cases include storage for containerized and serverless applications, big data analytics, web serving and content management, application development and testing, media and entertainment workflows, and database backups.


Storage management

Amazon EFS is a fully managed service providing Network File System (NFS) shared file system storage for Linux workloads. Amazon EFS makes it quick and efficient to create and configure file systems. You needn’t worry about managing file servers or storage, updating hardware, configuring software, or performing backups. In seconds, you can create a fully managed file system using the AWS Management Console, the AWS Command Line Interface (CLI), or an AWS SDK.

Amazon EFS offers two file system types that you can choose from based on your durability and availability needs. EFS Regional file systems (recommended) offer the highest levels of durability and availability by storing data within and across multiple Availability Zones (AZs). EFS One Zone file systems store data redundantly within a single AZ, so data in these file systems will be unavailable and might be lost during a disaster or other fault within the AZ.

Amazon EFS is designed for 99.999999999 percent (11 nines) of durability over a given year. EFS file system data is accessed using AZ-specific EFS mount targets, which are designed to be highly available within an AZ. EFS Regional file systems support concurrent access from EFS mount targets in all AZs in the Region where they are located. That means you can architect your application to fail over from one AZ to other AZs in the Region to achieve the highest level of application availability. EFS One Zone file systems support only one highly available EFS mount target in a single AZ, which means data may become unavailable during a disaster or other fault within that AZ. For more information on availability, see the Amazon EFS Service Level Agreement.

Performance and scale

By default, Amazon EFS file system storage and throughput capacity are elastic, growing and shrinking automatically to suit your workload's needs. With elastic capacity, provisioning is unnecessary, and you’re billed only for what you use. Amazon EFS file systems can deliver the throughput, IOPS, and low latency necessary for a broad range of workloads, independent of the file system size. Amazon EFS is designed to be highly scalable, growing to petabytes of storage, hundreds of thousands of I/O operations per second (IOPS), and tens of gigabytes per second of throughput, with massively parallel access from various AWS compute instances.

With the default EFS Elastic Throughput mode, your file system throughput automatically scales with your workload activity and you pay only for what you use. Use the Elastic Throughput mode if you’re unsure of your application’s peak throughput needs or if your application’s throughput usage is very spiky. If you know your workload’s peak throughput requirements and you expect your workload to consume a higher share of your application’s peak throughput capacity, use the Provisioned Throughput mode.

Cost optimization

Amazon EFS offers three storage classes: EFS Standard, EFS Infrequent Access, and EFS Archive. Data that is frequently accessed tends to have higher performance needs, so EFS provides an SSD-powered EFS Standard class designed to deliver sub-millisecond latencies. For data that’s infrequently accessed, you can use EFS’s two cost-optimized storage classes that provide low double-digit millisecond latencies: EFS Infrequent Access (IA), designed for data accessed only a few times a quarter, and EFS Archive, designed for data accessed less than a few times a year. EFS IA offers up to 95% lower cost than EFS Standard for infrequently accessed data. EFS Archive is a further cost-optimized experience for colder data, offering up to 50% lower cost than EFS Infrequent Access.

By enabling EFS Lifecycle Management, you can automatically tier files between storage classes based on your access patterns. You can create a custom lifecycle management policy to transition files between storage classes, or use the default, recommended policy, which tiers files from EFS Standard to EFS IA after 30 consecutive days without access and to EFS Archive after 90 consecutive days without access. You can also enable EFS Intelligent-Tiering to transition files from EFS IA and EFS Archive back to EFS Standard for subsequent faster, sub-millisecond access.

Accessibility

Amazon EFS provides secure access for thousands of connections for Amazon Elastic Compute Cloud (Amazon EC2) instances, as well as AWS container and serverless compute services. Amazon EFS also simultaneously supports on-premises servers using a traditional file permissions model, file locking, and hierarchical directory structure through the NFS v4 protocol. Amazon EC2 instances can access your file system across AZs and Regions while on-premises servers can access it via AWS Direct Connect or AWS VPN services.

In addition to traditional EC2 instances, Amazon EFS runs on AWS containers and serverless compute services that require shared storage for latency-sensitive and IOPS-heavy workloads at any scale. In a single step, Amazon EFS provides applications running on Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (EKS), AWS Fargate, and AWS Lambda with access to shared file systems for stateful workloads.

Data protection and security

Amazon EFS Replication copies your file system data into another file system in the AWS Region of your choice. Organizations in regulated industries are often mandated by compliance requirements to store a secondary copy of their data, hundreds of miles away from the primary, to plan for Disaster Recovery (DR) events. Using EFS Replication, you can perform DR workflows such as failover and failback without requiring additional infrastructure or custom processes. EFS Replication transfers only incremental data to synchronize your file systems and is designed to provide a recovery point objective (RPO) and a recovery time objective (RTO) of minutes. You can use the Amazon EFS console, AWS Command Line Interface (CLI), AWS CloudFormation, and APIs to activate replication on an existing file system.

Amazon EFS Backups are powered by AWS Backup, which is a fully managed backup service that centrally manages and automates backups of your Amazon EFS file systems, removing the need for costly custom solutions and manual processes. AWS Backup goes beyond backing up EFS and centralizes the backup of data across other AWS services in the cloud and on premises. As applications move to the cloud, their data can become distributed across multiple services, making it difficult to manage and consolidate backup activity without creating custom scripts and manual processes. Using AWS Backup, you can centrally configure and audit AWS resources, automate backup scheduling, set retention policies, and monitor backup activity.

Control network access to your file systems using Amazon Virtual Private Cloud (VPC) security group rules, and application access to your file systems using AWS Identity and Access Management (IAM) policies and Amazon EFS Access Points. AWS is certified under numerous certification programs to help you achieve your compliance goals. See this list of compliance programs in scope for Amazon EFS for more information.

Amazon EFS provides a comprehensive encryption solution to help you secure both your stored data and data in flight. Data at rest is transparently encrypted using encryption keys managed by the AWS Key Management Service (KMS), eliminating the need to build and maintain a key management infrastructure. Encryption of data in transit uses industry-standard Transport Layer Security (TLS) to help you secure network traffic, without the need to modify your applications. Refer to the user documentation on encryption for more information about encrypting file system data.
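As an added example (not AWS's own code), the following offline check shows how the two encryption controls described above can be audited: encryption at rest through the `Encrypted` field of a file system description, and encryption in transit through a file system policy that denies clients when `aws:SecureTransport` is false. The sample inputs are constructed and only shaped like DescribeFileSystems and DescribeFileSystemPolicy responses; the IDs and ARNs are placeholders and the function names are hypothetical.

```python
import json

# Constructed sample data; IDs and ARNs are placeholders, not real resources.
SAMPLE_FS = {"FileSystemId": "fs-EXAMPLE", "Encrypted": True,
             "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Allow mounting and writing only through a mount target.
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
         "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}},
        # Refuse every client that does not connect over TLS.
        {"Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plaintext(policy_json):
    """True if a Deny statement covers all principals and actions when TLS is absent."""
    if not policy_json:          # no file system policy attached
        return False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        cond = stmt.get("Condition", {}).get("Bool", {})
        secure = str(cond.get("aws:SecureTransport", "")).lower()
        principal = stmt.get("Principal")
        all_principals = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        all_actions = any(a in ("*", "elasticfilesystem:*")
                          for a in _as_list(stmt.get("Action", [])))
        if (stmt.get("Effect") == "Deny" and secure == "false"
                and all_principals and all_actions):
            return True
    return False

def audit(fs, policy_json):
    """Return a list of findings for one file system; an empty list means both controls are in place."""
    findings = []
    if not fs.get("Encrypted"):
        findings.append("not encrypted at rest")
    if not denies_plaintext(policy_json):
        findings.append("policy does not deny non-TLS clients")
    return findings
```

A Deny scoped to a single principal or a subset of actions is deliberately not counted, since other clients could still mount without TLS.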

Data transfer

AWS DataSync is a managed data transfer service that makes it faster and simpler to move data between on-premises storage and Amazon EFS. Use DataSync to transfer active datasets over the internet or AWS Direct Connect up to 10 times faster than open-source tools, without the need to modify your applications. Use the service for one-time data migrations, ongoing workflows with periodic synchronization, or replication for data protection and recovery. DataSync automatically manages many tasks known to slow down migrations or burden IT operations, including infrastructure management, encryption, data validation, and data transfer orchestration.

AWS Transfer Family provides fully managed support for file transfers directly into and out of Amazon EFS. With support for Secure File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File Transfer Protocol (FTP), Transfer Family helps you seamlessly migrate your file transfer workflows to AWS.