EFS mount point vs access point

0

Hi There,

Can someone help me understand what is the fundamental difference between an Access Point and a Mount Point in EFS? I have read the AWS docs but I am still so confused!! Or maybe point me to some simple documentation.

Thanks in advance :)

Kind Regards, Dhairya

Dhairya
Asked 2 years ago · 8412 views
2 Answers
1

Hello

When you create an EFS file system, it's mounted on a client through a mount target [a mount target provides an IP address for an NFSv4 endpoint at which you can mount an Amazon EFS file system]. During the mount operation, you specify a mount point [this is the local directory on the client where the EFS file system is mounted & accessible on the client]. Essentially you are presenting the top level/root of the filesystem to the client and all the data underneath. You must have proper privileges to perform these operations and you can use IAM to implement security controls. The following link provides a good explanation of this along with some diagrams.

https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html

After creating a file system, by default only the root user (UID 0) has read, write, and execute permissions. For other users to modify the file system, the root user must explicitly grant them access. You can use access points to automate the creation of directories that a nonroot user can write from. For more information, see Working with Amazon EFS access points.

https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html

Amazon EFS access points are application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets. Access points can enforce a user identity, including the user's POSIX groups, for all file system requests that are made through the access point. Access points can also enforce a different root directory for the file system so that clients can only access data in the specified directory or its subdirectories.

You can use AWS Identity and Access Management (IAM) policies to enforce that specific applications use a specific access point. By combining IAM policies with access points, you can easily provide secure access to specific datasets for your applications. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

Essentially this comes down to the security permissions and how EFS is being used. Possible scenarios can be implementing use of EFS for a single application/user/dataset or multiple applications/users/datasets. Hope this helps.

AWS
Answered 2 years ago
AWS
Expert
Rob_H
Reviewed 2 years ago
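Added example, not part of the original answer and not AWS's own code: a small audit of an EFS file system policy that flags Allow statements letting a client mount without going through an access point, run on a weak policy and a hardened one. The role and access point ARNs are constructed placeholders and the helper function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed placeholder ARNs (assumptions, not values from this thread).
ROLE = "arn:aws:iam::111122223333:role/app-a"
AP = ("arn:aws:elasticfilesystem:us-east-1:111122223333:"
      "access-point/fsap-0123456789abcdef0")
ACTIONS = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]

def policy(statement):
    return {"Version": "2012-10-17", "Statement": [statement]}

# Weak: the role may mount the file system root through any mount target.
WEAK = policy({"Effect": "Allow", "Principal": {"AWS": ROLE}, "Action": ACTIONS})

# Hardened: the same grant applies only to mounts made through one access point.
HARDENED = policy({
    "Effect": "Allow",
    "Principal": {"AWS": ROLE},
    "Action": ACTIONS,
    "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": AP}},
})

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants_mount(statement):
    """True if any Action pattern (wildcards included) covers ClientMount."""
    return any(fnmatchcase("elasticfilesystem:clientmount", a.lower())
               for a in as_list(statement.get("Action", [])))

def pinned_to_access_point(statement):
    """True if an equality condition restricts elasticfilesystem:AccessPointArn."""
    cond = statement.get("Condition", {})
    return any(key.lower() == "elasticfilesystem:accesspointarn"
               for op in ("StringEquals", "ArnEquals")
               for key in cond.get(op, {}))

def unpinned_mount_statements(doc):
    """Indexes of Allow statements that let a client mount without an access point."""
    return [i for i, st in enumerate(as_list(doc.get("Statement", [])))
            if st.get("Effect") == "Allow"
            and grants_mount(st) and not pinned_to_access_point(st)]

if __name__ == "__main__":
    print("weak policy findings:", unpinned_mount_statements(WEAK))
    print("hardened policy findings:", unpinned_mount_statements(HARDENED))
```

The check is deliberately narrow: it does not interpret `NotAction`, Deny statements that achieve the same restriction, or identity-based policies attached to the role.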
0

If I use an Access Point, is using IAM policies on top of it a MUST, or a CAN?

Answered 9 months ago
