Using ACL or NFSACL with EFS

0

Hi, we have security requirements that can't easily be met with basic UNIX permissions. Is there a way to use ACL on an EFS filesystem? Thanks

asked 2 years ago, 2027 views
2 Answers
0

Hello

You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access.

Please have a look here https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html

Thank You Ganesh

GK
answered 2 years ago
  • Hi Ganesh, thanks for your reply. This seems to apply to the whole filesystem. I need to be able to have a way to set fairly granular permissions on the files within the filesystem, just like we normally can do on an NFSv4 mount. Did I miss something in the link you shared?

  • I have never done this before, but there is something related here. Did you look at this before? https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html

0

Greetings,

I see you are trying to set detailed access permissions on EFS.

There are a few options you can use to control access to directories and files in EFS.

  1. EFS file systems support Unix-style read, write, and execute permissions based on the user and group ID. https://docs.aws.amazon.com/efs/latest/ug/user-and-group-permissions.html

  2. Use a Resource Policy to grant read and write access permission to a specific AWS Role. https://docs.aws.amazon.com/efs/latest/ug/security_iam_resource-based-policy-examples.html

  3. Create an EFS access point and use an IAM policy to enforce that a specific NFS client, identified by its IAM role, can only access a specific access point. The access point should mount the file system on the directory you wish to grant access to. You can then set permissions on this directory. This option may be more in line with what you are trying to achieve. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html#access-points-iam-policy

Additional Resources:

[1] Mounting with EFS Access Points - https://docs.aws.amazon.com/efs/latest/ug/mounting-access-points.html

[2] Mounting with IAM Authorization - https://docs.aws.amazon.com/efs/latest/ug/mounting-IAM-option.html

Josue_S
answered 8 months ago
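
Option 3 from the answer above, as an added example that is not part of the original thread or AWS's own code: it builds an EFS file system policy that ties each IAM role to one access point and checks it with a simplified evaluator. The account ID, region, role names and access point IDs are constructed placeholders, and the evaluator models this one policy only (Allow statements, default deny), not identity policies attached to the roles.

```python
import json

# Constructed placeholders (assumptions, not values from the thread).
ACCOUNT = "111122223333"
REGION = "us-east-1"

def ap_arn(ap_id):
    return f"arn:aws:elasticfilesystem:{REGION}:{ACCOUNT}:access-point/{ap_id}"

def role_arn(name):
    return f"arn:aws:iam::{ACCOUNT}:role/{name}"

def build_policy(bindings):
    """bindings: {role_name: (access_point_id, writable)} -> file system policy dict."""
    statements = []
    for role, (ap_id, writable) in sorted(bindings.items()):
        actions = ["elasticfilesystem:ClientMount"]
        if writable:
            actions.append("elasticfilesystem:ClientWrite")
        # ClientRootAccess is never granted, so root on the client stays squashed.
        statements.append({
            "Sid": f"{role}ViaAccessPoint",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn(role)},
            "Action": actions,
            # The role is allowed only when it mounts through this access point.
            "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": ap_arn(ap_id)}},
        })
    return {"Version": "2012-10-17", "Statement": statements}

def is_allowed(policy, role, action, ap_id=None):
    """Simplified model of this policy alone: Allow statements, default deny."""
    for st in policy["Statement"]:
        wanted = st["Condition"]["StringEquals"]["elasticfilesystem:AccessPointArn"]
        if (st["Effect"] == "Allow"
                and st["Principal"]["AWS"] == role_arn(role)
                and action in st["Action"]
                and ap_id is not None and ap_arn(ap_id) == wanted):
            return True
    return False

POLICY = build_policy({
    "app1": ("fsap-0aaaaaaaaaaaaaaa1", True),    # read/write under its own root directory
    "audit": ("fsap-0bbbbbbbbbbbbbbb2", False),  # read-only view
})

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

The printed JSON is the document to attach as the file system policy; clients then mount with IAM authorization through their access point, as covered in resources [1] and [2].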
