feat(efs): create EFS file systems #6373
Conversation
* 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes aws#6286
| /** | ||
| * Interface to implement AWS File Systems. | ||
| */ | ||
| export interface IFileSystem extends IResource, ec2.IConnectable { |
There was a problem hiding this comment.
The intention of adding this interface is to have a common interface for all AWS file systems (FSx windows, lustre). This can be moved to aws-core once we have construct for another type of file system.
There was a problem hiding this comment.
For now, don't do this yet. Just make this an IEfsFileSystem interface. We can always add the superinterface later if necessary, and they should probably have different names in any case.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
@pahud istanbul is already integrated with CDK, so whenever you run unit tests, it generates the coverage report at path |
packages/@aws-cdk/aws-efs/README.md
Outdated
|
|
||
| const myVpc = new ec2.Vpc(this, 'VPC'); | ||
| const fileSystem = new efs.EfsFileSystem(this, 'MyEfsFileSystem', { | ||
| vpc: myVpc, |
There was a problem hiding this comment.
Something very trivial, but can you make sure to change indentation to 2 spaces everywhere?
There was a problem hiding this comment.
Example still shows up as 4 spaces for me.
| * | ||
| * @default - no tags will be added | ||
| */ | ||
| readonly fileSystemTags?: Tag[]; |
There was a problem hiding this comment.
Tagging is done centrally (https://docs.aws.amazon.com/cdk/latest/guide/tagging.html) so doesn't need to be added here.
| /** | ||
| * Interface to implement AWS File Systems. | ||
| */ | ||
| export interface IFileSystem extends IResource, ec2.IConnectable { |
There was a problem hiding this comment.
For now, don't do this yet. Just make this an IEfsFileSystem interface. We can always add the superinterface later if necessary, and they should probably have different names in any case.
| * | ||
| * @attribute | ||
| */ | ||
| readonly fileSystemID: string; |
There was a problem hiding this comment.
Id. This will be come file_system_i_d in Python.
| /** | ||
| * Import an existing File System from the given properties. | ||
| */ | ||
| public static fromEfsFileSystemAttributes(scope: Construct, id: string, attrs: EfsFileSystemAttributes): IFileSystem { |
There was a problem hiding this comment.
Can a filesystem imported in this way still be mounted? What would that look like?
There was a problem hiding this comment.
The mount script in the user data just needs the file systems Id, which we are setting in the object here. We additionally need to update the connections to allow connection for a different resource.
Since we are setting both these properties here while importing an existing file system, it will be mounted using the same same way.
| /** | ||
| * EFS Lifecycle Policy, if a file is not accessed for given days, it will move to EFS Infrequent Access. | ||
| * | ||
| * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-filesystem.html#cfn-efs-filesystem-performancemode |
| */ | ||
| export enum EfsLifecyclePolicyProperty { | ||
| /** | ||
| * After 7 days of inaccessibility. |
There was a problem hiding this comment.
Not "inaccessibility", but "not being accessed"
mergify
bot
dismissed
rix0rrr’s stale review
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
* 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes aws#6286
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
(Regular-merging master back to get rid of unrelated changes) |
packages/@aws-cdk/aws-efs/README.md
Outdated
|
|
||
| const myVpc = new ec2.Vpc(this, 'VPC'); | ||
| const fileSystem = new efs.EfsFileSystem(this, 'MyEfsFileSystem', { | ||
| vpc: myVpc, |
There was a problem hiding this comment.
Example still shows up as 4 spaces for me.
packages/@aws-cdk/aws-efs/README.md
Outdated
| }, | ||
| }); | ||
|
|
||
| inst.userData.addCommands("yum check-update -y", |
There was a problem hiding this comment.
I don't like putting in commands that will fail on one of the platforms and then silently ignoring the errors. Be prepared for UserData scripts to be executed under bash -e.
In the example you are creating an Amazon Linux instance, so no real need to add the Ubuntu commands though. If you want to show the commands for multiple platforms (admirable) then show the difference in comments:
inst.userData.addCommands(
'yum check-update -y', // Ubuntu: apt-get -y update
...);Also this example is incomplete, it doesn't show creation of the EFS filesystem and how to allow connections.
packages/@aws-cdk/aws-efs/README.md
Outdated
| "apt-get -y install amazon-efs-utils", | ||
| "yum install -y nfs-utils", | ||
| "apt-get -y install nfs-common", | ||
| "file_system_id_1=" + fileSystem.fileSystemID, |
There was a problem hiding this comment.
Changed to fileSystemId if I'm not mistaken.
| /** | ||
| * Interface to implement AWS File Systems. | ||
| */ | ||
| export interface IEfsFileSystem extends IResource, ec2.IConnectable { |
There was a problem hiding this comment.
Wait, IResource doesn't need to be in here. Sorry missed that on the first go-around.
There was a problem hiding this comment.
Just for my understanding, why don't we need this interface to be implemented here? I believe that the file system act as a cloud formation resource.
There was a problem hiding this comment.
Nevermind, I figured that we are already extending Resource which implements IResource.
| } | ||
| } | ||
|
|
||
| this.efsFileSystem = new CfnFileSystem(this, "FileSystem", { |
There was a problem hiding this comment.
Construct id must be "Resource".
| subnetId | ||
| }); | ||
| this.mountTargets.push(efsMountTarget); | ||
| this.mountTargetIdentifiers.push(efsMountTarget.ref); |
There was a problem hiding this comment.
I see we're now holding on to even more attributes of the mount targets, but why would you need these?
The UserData script you gave uses only the ID and nothing else. Why do we need the IDs and IP addresses?
There was a problem hiding this comment.
The file system can be mounted using the IP addresses as well. The UserData in the example creates the domain name from file system and uses it for mounting. Some users may need the subnet based on IP address to mount it, hence exposing the IP address of all the mount targets.
Exposing Ids is not required, but I took the reference from aws-rds that we do expose both the identifiers and ip address of all the instances, hence exposing to the user.
Should I remove these for now?
There was a problem hiding this comment.
This is probably fine, although in practice people are going to want to use the mount targets in the same AZs as their instances (to cut on cross-AZ traffic fees).
Can the construct accomodate that in its current state?
There was a problem hiding this comment.
Oh I see, using the domain name you don't have to: https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-general.html
Given that I feel the IP addresses are useless without subnet information to identify them, I vote we don't expose any of the mount target information right now and wait for people to come to us with use cases where they need IP addresses. Then they can tell us how they expect to find the IP address corresponding to their AZ.
There was a problem hiding this comment.
Removing the mount targets for now.
I can think of a way for exposing the IP address along with the subnet information. Will create another PR for the same.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| subnetId | ||
| }); | ||
| this.mountTargets.push(efsMountTarget); | ||
| this.mountTargetIdentifiers.push(efsMountTarget.ref); |
There was a problem hiding this comment.
This is probably fine, although in practice people are going to want to use the mount targets in the same AZs as their instances (to cut on cross-AZ traffic fees).
Can the construct accomodate that in its current state?
|
|
||
| fileSystem.connections.allowDefaultPortFrom(inst); | ||
|
|
||
| inst.userData.addCommands("yum check-update -y", // Ubuntu: apt-get -y update |
There was a problem hiding this comment.
Do we need to worry about this at all? I don't see IAM permissions mentioned anywhere in your example:
https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html
There was a problem hiding this comment.
The default EFS file system policy grants full access to any NFS client that can connect to the file system.
In this example, EFS was not created using any profile permissions, the instance is mounting the file system and hence does require any specific IAM role assigned to it.
There was a problem hiding this comment.
Also, the IAM feature was recently introduced to EFS. Since I started working on the PR before this feature's launch, I haven't added it here and will add this feature in subsequent PR.
| subnetId | ||
| }); | ||
| this.mountTargets.push(efsMountTarget); | ||
| this.mountTargetIdentifiers.push(efsMountTarget.ref); |
There was a problem hiding this comment.
Oh I see, using the domain name you don't have to: https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-general.html
Given that I feel the IP addresses are useless without subnet information to identify them, I vote we don't expose any of the mount target information right now and wait for people to come to us with use cases where they need IP addresses. Then they can tell us how they expect to find the IP address corresponding to their AZ.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
rix0rrr
changed the title
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
* feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes #6286 * addressing review comments * setting correct ipaddress for mount targets * feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes #6286 * addressing review comments * setting correct ipaddress for mount targets * address review comments v2 * removing mount targets info Co-authored-by: Rico Huijbers <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes aws#6286 * addressing review comments * setting correct ipaddress for mount targets * feat(aws-efs): adding construct library for creating EFS * 100% unit test coverage. * This was tested by creating an EFS using this construct in a cdk application. A instance was also created in this app, which successfully mounted it. closes aws#6286 * addressing review comments * setting correct ipaddress for mount targets * address review comments v2 * removing mount targets info Co-authored-by: Rico Huijbers <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
A instance was also created in this app, which successfully mounted it.
closes #6286
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license