Syncing EFS across regions

Hi,

You probably want to implement EFS cross-region replication to stay simple and compact:

See all implementation details at https://aws.amazon.com/blogs/storage/use-cases-for-amazon-efs-replication/

Best,

Didier

For your scenario of syncing EFS data across regions for Linux Home Directories, there are a few options to consider, with AWS DataSync and EFS Replication being the most suitable solutions.

1. AWS DataSync: AWS DataSync is indeed a viable option for transferring data between two EFS file systems in different regions. It allows you to perform one-time data migrations, periodic data ingestion, and automate replication for data protection and recovery. With DataSync, you can set up transfers between EFS file systems in different AWS Regions and even between file systems owned by different AWS accounts.

To achieve bi-directional synchronization, you would need to set up two DataSync tasks: one from US-East to US-West and another from US-West to US-East. This approach gives you flexibility in scheduling and managing the sync processes independently.

2. EFS Replication: Amazon EFS offers a built-in replication feature that might be more suitable for your use case. EFS Replication automatically keeps the source and destination file systems synchronized. After creating a replication configuration, EFS will maintain synchronization between the file systems.

EFS Replication offers several advantages:

• It's designed to maintain a Recovery Point Objective (RPO) of 15 minutes for most file systems.
• It's fully managed by AWS, reducing operational overhead.
• It provides continuous replication rather than scheduled sync jobs.

To set up EFS Replication:

1. Create a replication configuration for your source file system in US-East.
2. Choose US-West as the destination region.
3. EFS will create a new file system in US-West or you can replicate to an existing file system.

EFS Replication is unidirectional by default. If you need bi-directional replication, you would need to set up a second replication configuration in the opposite direction.

Considering your requirements for user data synchronization and regional resilience, EFS Replication might be the better option. It provides continuous, automated replication with a low RPO, which is ideal for keeping user home directories in sync across regions. This approach also provides better resilience in case of a regional outage.

If you choose to use EFS Replication, you won't need to manage separate sync jobs or worry about scheduling. The replication process will continuously keep the file systems in both regions synchronized, ensuring that user data is available and up-to-date regardless of which region they log into.

Remember to consider the associated costs and test the solution thoroughly to ensure it meets your specific requirements for performance and data consistency.
Sources
Amazon Elastic File System (EFS) | Cloud File Storage | FAQs
Synchronize data between Amazon EFS file systems in different AWS Regions by using AWS DataSync - AWS Prescriptive Guidance
Replicating EFS file systems - Amazon Elastic File System
Using AWS DataSync to transfer data - Amazon Elastic File System
Configuring replication to an existing EFS file system - Amazon Elastic File System

EFS cross-region replication is most likely the best solution for bastion home directory use-case. It doesn't provide 2 way replication (second region is readonly) or cross-account (if you want to be prepared for evil-operator) but if that is acceptable then I would use it.

If you want to have multiple writers and/or cross-account replication you can build it with FSx Lustre and S3 as described in https://carriagereturn.nl/aws/fsx/lustre/s3/multi-region/dr/2023/10/23/multiregion-fs.html However this is will be more complex to setup (maintenance is simple) and (too?) expensive for such limited use-case.