Using ACL or NFSACL with EFS

0

Hi, we have security requirements that can't easily be met with basic UNIX permissions. Is there a way to use ACL on an EFS filesystem? Thanks

asked 2 years ago · 1893 views
2 Answers
0

Hello

You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access.

Please have a look here https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html

Thank You Ganesh

GK
answered 2 years ago
  • Hi Ganesh, thanks for your reply. This seems to apply to the whole filesystem. I need a way to set fairly granular permissions on the files within the filesystem, just like we normally can on an NFSv4 mount. Did I miss something in the link you shared?

  • I have never done this before, but there is something related here. Did you look at this before? https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html

0

Greetings,

I see you are trying to set detailed access permissions on EFS.

There are a few options you can use to control access to directories and files in EFS.

  1. EFS file systems support Unix-style read, write, and execute permissions based on the user and group ID. https://docs.aws.amazon.com/efs/latest/ug/user-and-group-permissions.html

  2. Use a Resource Policy to grant read and write access permission to a specific AWS Role. https://docs.aws.amazon.com/efs/latest/ug/security_iam_resource-based-policy-examples.html

  3. Create an EFS access point and use an IAM policy to enforce that a specific NFS client, identified by its IAM role, can only access a specific access point. The access point should mount the file system on the directory you wish to grant access to. You can then set permissions on this directory. This option may be more in line with what you are trying to achieve. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html#access-points-iam-policy

Additional Resources:

[1] Mounting with EFS Access Points - https://docs.aws.amazon.com/efs/latest/ug/mounting-access-points.html

[2] Mounting with IAM Authorization - https://docs.aws.amazon.com/efs/latest/ug/mounting-IAM-option.html

Josue_S
answered 7 months ago
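
Option 3 from the answer above, as an added example (not code from the post or from AWS documentation): it builds an EFS file system policy that binds each IAM role to one access point, and so to one directory, and includes a helper to audit which access points a role can use. The account ID, role names, file system ID and access point IDs are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions, not values from the thread).
ACCOUNT, REGION = "111122223333", "us-east-1"
FS_ARN = f"arn:aws:elasticfilesystem:{REGION}:{ACCOUNT}:file-system/fs-EXAMPLE"

def ap_arn(ap_id):
    return f"arn:aws:elasticfilesystem:{REGION}:{ACCOUNT}:access-point/{ap_id}"

def role_arn(name):
    return f"arn:aws:iam::{ACCOUNT}:role/{name}"

def build_fs_policy(fs_arn, bindings):
    """bindings: iterable of (role_arn, access_point_arn, writable)."""
    stmts = []
    for i, (role, ap, writable) in enumerate(bindings):
        actions = ["elasticfilesystem:ClientMount"]
        if writable:
            actions.append("elasticfilesystem:ClientWrite")
        # ClientRootAccess is never granted, so root stays squashed.
        stmts.append({
            "Sid": f"BindRoleToAccessPoint{i}", "Effect": "Allow",
            "Principal": {"AWS": role}, "Action": actions, "Resource": fs_arn,
            # The role is allowed only when it mounts through this access point.
            "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": ap}},
        })
    # Reject any client that does not mount over TLS.
    stmts.append({
        "Sid": "DenyUnencryptedTransport", "Effect": "Deny",
        "Principal": {"AWS": "*"}, "Action": "*", "Resource": fs_arn,
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    return {"Version": "2012-10-17", "Statement": stmts}

def allowed_access_points(policy, role):
    """Audit helper: access point ARNs a role is bound to by Allow statements."""
    found = set()
    for s in policy["Statement"]:
        if s["Effect"] == "Allow" and s["Principal"].get("AWS") == role:
            cond = s.get("Condition", {}).get("StringEquals", {})
            found.add(cond.get("elasticfilesystem:AccessPointArn", "*"))  # "*" = unbound
    return found

POLICY = build_fs_policy(FS_ARN, [
    (role_arn("finance-app"), ap_arn("fsap-EXAMPLE1"), True),    # read/write
    (role_arn("audit-reader"), ap_arn("fsap-EXAMPLE2"), False),  # read-only
])

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

The printed JSON is what you would pass to `aws efs put-file-system-policy`; clients then mount with the EFS mount helper options `tls,iam,accesspoint=<access point ID>`. Granularity here is one access point per directory, with the POSIX permissions on that directory doing the rest.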
