Amazon EFS FAQs

Amazon EFS is a fully-managed service that makes it easy to set up, scale, and cost-optimize file storage in the Amazon Cloud. With a few clicks in the Amazon Management Console, you can create file systems that are accessible to Amazon EC2 instances via a file system interface (using standard operating system file I/O APIs) and support full file system access semantics (such as strong consistency and file locking).

Amazon EFS file systems can automatically scale from gigabytes to petabytes of data without needing to provision storage. Tens, hundreds, or even thousands of Amazon EC2 instances can access an Amazon EFS file system at the same time, and Amazon EFS provides consistent performance to each Amazon EC2 instance. Amazon EFS is designed to be highly durable and highly available. With Amazon EFS, there is no minimum fee or setup costs, and you pay only for what you use.

Amazon Web Services  offers cloud storage services to support a wide range of storage workloads.

Amazon EFS is a file storage service for use with Amazon EC2. Amazon EFS provides a file system interface, file system access semantics (such as strong consistency and file locking), and concurrently-accessible storage for up to thousands of Amazon EC2 instances.

Amazon EBS is a block level storage service for use with Amazon EC2. Amazon EBS can deliver performance for workloads that require the lowest-latency access to data from a single EC2 instance.

Amazon S3 is an object storage service. Amazon S3 makes data available through an Internet API that can be accessed anywhere.

To use Amazon EFS, you must have an Amazon Web Services account. If you do not already have an Amazon Web Services account, you can sign up for an Amazon Web Services account and instantly get access to the Amazon Web Services Free Tier in the Amazon Web Services China Region.

Once you have created an Amazon Web Services account, please refer to the Amazon EFS Getting Started guide to begin using Amazon EFS. You can create a file system via the Amazon Management Console, the Amazon Command Line Interface (Amazon CLI), and Amazon EFS API (and various language-specific SDKs).

To access your file system, you mount the file system on an Amazon EC2 Linux-based instance using the standard Linux mount command and the file system’s DNS name. To simplify accessing your EFS file systems, we recommend using the EFS mount helper utility. Once mounted, you can work with the files and directories in your file system just like you would with a local file system.

Amazon EFS uses the Network File System version 4 (NFS v4) protocol. For a step-by-step example of how to access a file system from an Amazon EC2 instance, please see the guide here.

Amazon EFS is a fully-managed service, so all of the file storage infrastructure is managed for you. When you use Amazon EFS, you avoid the complexity of deploying and maintaining complex file system infrastructure. An Amazon EFS file system grows and shrinks automatically as you add and remove files, so you do not need to manage storage procurement or provisioning.

You can administer a file system via the Amazon Management Console, the Amazon command-line interface (CLI), or the Amazon EFS API (and various language-specific SDKs). The Console, API, and SDK provide the ability to create and delete file systems, configure how file systems are accessed, create and edit file system tags, enable features like Provisioned Throughput and Lifecycle Management, and display detailed information about file systems.

You can also use standard Linux copy tools to move data files to Amazon EFS.
For more information about accessing a file system from an on-premises server, please see the On-premises Access section of this FAQ.

Amazon EFS offers four storage classes: two regional storage classes, Amazon EFS Standard (EFS Standard), and Amazon EFS Standard-Infrequent Access (EFS Standard-IA), and two One Zone storage classes, Amazon EFS One Zone (EFS One Zone), and Amazon EFS One Zone-Infrequent Access (EFS One Zone-IA). EFS Standard-IA and EFS One Zone-IA provide price/performance that's cost-optimized for files not accessed every day. By simply enabling EFS Lifecycle Management on your file system, files not accessed according to the lifecycle policy you choose will be automatically and transparently moved into EFS Standard-IA or EFS One Zone-IA, depending on whether your file system uses regional or One Zone storage classes.

File systems using Amazon EFS One Zone storage classes are not resilient to a complete AZ outage. In the event of an AZ outage, you will experience a loss of availability, because your file system data is not replicated to a different AZ. In the event of disaster or fault within an AZ affecting all copies of your data, or a permanent AZ loss, you may experience loss of data that has not been replicated using Amazon EFS Replication to keep an up-to-date copy of your file system in a second Amazon Web Services Region or an AZ. EFS Replication is designed to meet a recovery point objective (RPO) and recovery time objective (RTO) of minutes. You can also use Amazon Backup to store additional copies of your file system data and restore them to a new file system in an AZ or Region of your choice. Amazon EFS file system backup data created and managed by Amazon Backup is replicated to 3 AZs and is designed for 99.999999999% (11 9’s) durability.

You can use Amazon EFS Replication or Amazon Backup to guard your EFS One Zone file system against the loss of an AZ. Amazon EFS Replication replicates your file system data to another Amazon Web Services Region or within the same Region in a few clicks, without requiring additional infrastructure or a custom process to monitor and synchronize data changes. EFS replication is continuous and designed to provide a recovery point objective (RPO) and a recovery time objective (RTO) of minutes for most file systems. 

Backups are enabled by default for all file systems using Amazon EFS One Zone storage classes. You can disable this setting when creating file systems. You are able to restore your file data from a recent backup to a newly created file system in any operating AZ in the event of an AZ loss. If Amazon EFS is impacted by an AZ loss, and your data is stored in One Zone storage classes, you may experience data loss for files that have changed since the last automatic backup.

EFS Replication allows you to replicate your file system data to another Amazon Web Services Region or within the same Region in a few clicks, without requiring additional infrastructure or a custom process to monitor and synchronize data changes. Amazon EFS Replication automatically and transparently replicates your data to a second file system in a Region or AZ of your choice. You can use the Amazon EFS console, Amazon Web Services CLI, and APIs to enable replication on an existing file system. EFS Replication is continuous and designed to provide a recovery point objective (RPO) and a recovery time objective (RTO) of minutes, enabling you to meet your compliance and business continuity goals.

If you have requirements to maintain a copy of your file system hundreds of miles apart for purposes of disaster recovery, compliance, or business continuity planning, EFS Replication can help you meet those requirements. For applications that require a low network latency cross-region access, Amazon EFS Replication provides a read-only copy in the region of your choice. With Amazon EFS Replication, you can cost-optimize and save up to 75% on your disaster recovery storage costs by using low-cost EFS One Zone storage classes and a 7-day age-off lifecycle management policy for your destination file system. There is no need to build and maintain a custom process for data replication. EFS Replication also makes it easy to monitor and alarm on your RPO status using Amazon CloudWatch.

Using the Amazon EFS console, simply enable Replication on the file system you want to replicate (source file system) and choose the Region or AZ where you want to store the replica (destination). You can also use the CreateReplicationConfiguration API from the Amazon Web Services CLI or SDK to enable EFS Replication. As part of configuring EFS Replication, you’ll choose the Region in which to create your replica. If you choose to use EFS One Zone storage classes for your replica, you must also select your file system’s AZ. Once EFS Replication is enabled, Amazon EFS will automatically create a new destination file system in the destination Region or AZ you’ve selected. You can select the destination file system’s lifecycle management policy, backup policies, provisioned throughput, mount targets, and access points independent of the source file system. For example, you can optimize the destination file system storage costs by enabling EFS Lifecycle Management with a shorter age-off policy (such as 7 days) when compared to the source file system’s age-off policy (such as 7, 14, 30, 60, or 90 days). EFS Replication configurations such as the replication pair (source and destination), replication status, and last completed replication timestamp can be accessed using the DescribeReplicationConfigurations API.

When you enable EFS Replication on a file system, Amazon EFS automatically creates a new file system in the destination region and begins copying your data into it. Once the initial copy is completed, EFS Replication copies changes incrementally to deliver an RPO of minutes for most file systems. EFS Replication preserves all metadata, such as owners and permissions, when copying changes to files and folders. While EFS Replication is enabled, your destination file system is in read-only mode and can be updated only by EFS Replication. In the event that your source file system is unavailable, you can failover to the destination file system by deleting replication. Deleting the Replication makes the destination file system writeable for your applications to use.

Yes. When EFS Replication is enabled, you can modify your destination file system configuration settings, such as its lifecycle management policy including intelligent-tiering, backup policy, mount targets, access points, and provisioned throughput. All destination file systems are created with encryption of data at rest enabled irrespective of the source file system setting. You cannot change the performance mode of the destination file system. It always matches that of the source file system, except when you create a One Zone replica. In that case, General Purpose performance mode is used because Max I/O performance mode is not supported by EFS One Zone storage classes.

You cannot delete either your source or your destination file system if it’s part of a replication pair. In order to delete one of the file systems in the pair, you first need to delete the replication configuration.

No. EFS Replication doesn’t provide point-in-time consistent replication. EFS Replication publishes a timestamp metric on Amazon CloudWatch called TimeSinceLastSync. All changes made to your source file system at least as of the published time will be copied over to the destination. Changes to your source file system after the recorded time may not have been replicated over. You can monitor the health of your EFS Replication using Amazon CloudWatch. If you interrupt the replication process due to a disaster recovery event, some files from the source file system may have transferred over but are not yet copied to their final locations on your destination file system. These files and their contents can be found on your destination file system in a lost+found directory created by EFS Replication under the root directory.

Yes. When you enable EFS Replication for the first time, the replica file system will be automatically created for you. It’s created in the Region of your choosing without mount targets. You can then create mount targets for your replica file system in the VPC of your choosing. You can also change the VPC for your replica file system by deleting any existing mount targets and creating new ones in a VPC of your choosing.

When your replication is in Enabled state, only EFS Replication is allowed to make changes to your destination file system. You can access your replica in the read-only mode during this time. In the event of a disaster you can fail over to your destination file system by deleting your replication configuration from the Amazon EFS console or by using the DeleteReplicationConfiguration API. When you delete the Replication, Amazon EFS will stop replicating additional changes and make the destination file system writeable. You can then point your application to your destination file system to continue your operations. You can use the Amazon EFS console or the DescribeReplicationConfigurations API call to check your destination file system status after you’ve failed over.

For all file systems, Amazon EFS automatically and transparently encrypts all Amazon EFS network traffic using Transport Layer Security (TLS) version 1.2. Your destination file system is created with encryption at rest enabled. You can select an encryption key from those available in the destination Region Amazon Key Management Service (KMS) or by using the default service “aws/elasticfilesystem” key in the Region where your destination file system is located.

To create and delete a replication, your Amazon IAM or resource-based policy must have permission for the Amazon EFS API calls CreateFileSystem, CreateReplicationConfiguration, and DescribeReplicationConfigurations.

No. EFS Replication traffic always stays on the China Amazon Web Services backbone.

No. EFS Replication supports replication between exactly two file systems.

No. Amazon EFS does not support replicating file systems to a different Amazon Web Services account.

No. EFS Replication activity does not consume burst credits or count against the file system IOPS and throughput limits for either file system in a replication pair.

Yes. When you first enable EFS Replication, your replica file system will be created in read-only mode and your entire source file system will be copied to the destination you selected. The time to complete this operation depends on the size of your source file system. Although you can failover to your destination file system at any time, it is recommended that you wait until the copy is complete to minimize data loss. You can monitor the progress of your replication from the Amazon EFS console, which displays a timestamp that indicates the last time your source file system and destination file system were synchronized.

The expected latency for your Amazon EFS file system depends on the storage class, the performance mode (General Purpose or Max I/O), and the file system operation type (read or write). The table that follows displays the average expected latency for General Purpose file systems.

Latency on Max I/O file systems is single-digit to double-digit milliseconds.

With bursting mode, the default throughput mode for Amazon EFS file systems, the throughput available to a file system scales as a file system grows. Because file-based workloads are typically spiky — requiring high levels of throughput for periods of time and lower levels of throughput the rest of the time — Amazon EFS is designed to burst to allow high throughput levels for periods of time. Also, because many workloads are read-heavy, read operations are metered at a 1:3 ratio to other NFS operations (like write). All file systems deliver a consistent baseline performance of 50 MB/s per TB of Standard class storage, all file systems (regardless of size) can burst to 100 MB/s, and file systems with more than 1TB of Standard class storage can burst to 100 MB/s per TB. Read operations are metered at a 1:3 ratio, so you can drive up to 300 MiB/s per TiB of read throughput. As you add data to your file system, the maximum throughput available to the file system scales linearly and automatically with your storage in the Amazon EFS Standard or Amazon EFS One Zone storage class. If you need more throughput than you can achieve with your amount of data stored, you can configure Provisioned Throughput to the specific amount your workload requires.

File system throughput is shared across all Amazon EC2 instances connected to a file system. For example, a 1TB file system that can burst to 100 MB/s of throughput can drive 100 MB/s from a single Amazon EC2 instance, or 10 Amazon EC2 instances can each drive 10 MB/s (100 MB/s collectively). For more information, please see the documentation on File System Performance.

Provisioned Throughput enables Amazon EFS customers to provision their file system’s throughput independent of the amount of data stored, optimizing their file system throughput performance to match their application’s needs.

Amazon EFS Provisioned Throughput is available for applications with a high throughput to storage (MB/s per TB) ratio. For example, customers using Amazon EFS for development tools, web serving or content management applications, where the amount of data in their file system is low relative to throughput demands, are able to instantly get the high levels of throughput their applications require.

You can select your file system’s throughput mode via the Amazon Web Services Console, Amazon CLI, or Amazon API. For more details, see the documentation on Provisioned Throughput.

When you select Provisioned Throughput for your file system, you can provision the throughput of your file system independently from the amount of data stored and pay for the storage and Provisioned Throughput separately. (ex. $0.30 per GB-Month for EFS Standard storage and $6.00 per MB/s-Month for Provisioned Throughput in US-East (N. Virginia)). Read operations are metered at a 1:3 ratio, so you can drive up to 3 MiB/s of read throughput for each 1 MiB/s of throughput provisioned.

Provisioned Throughput also includes 50 KB/s per GB (or 1 MB/s per 20 GB) of throughput in the price of Standard storage. For example, if you store 20 GB for a month on Amazon EFS Standard and configure a throughput of 5 MB/s for a month you will be billed for 20 GB-Month of storage and 4 (5-1) MB/s-Month of throughput.

In the Provisioned Throughput mode, you are billed for storage you use and throughput you provisioned independently. You are billed hourly in the following dimensions:

• Storage (per GB-Month) - You are billed for the amount of storage you use in GB-Month.
• Throughput (per MB/s-Month) – You are billed for throughput you provision in MB/s-Month.

In the default Bursting Throughput mode, the throughput of your file system scales with the amount of data stored. If your file system in the Provisioned Throughput mode grows in size after the initial configuration, it is possible that your file system has a higher baseline rate in the Bursting Throughput mode than the Provisioned Throughput mode.

In such cases, your file system throughput will be the throughput it is entitled to in the default Bursting Throughput mode and you will not incur any additional charge for the throughput beyond the bursting storage cost. You will also be able to burst according to the Amazon EFS throughput bursting model.

Amazon EFS offers the ability to encrypt data at rest and in transit.

Data encrypted at rest is transparently encrypted while being written, and transparently decrypted while being read, so you don’t have to modify your applications. Encryption keys are managed by the Amazon Key Management Service (KMS), eliminating the need to build and maintain a secure key management infrastructure.

Data encryption in transit uses industry standard Transport Layer Security (TLS) 1.2 to encrypt data sent between your clients and EFS file systems.

Encryption of data at rest and of data in transit can be configured together or separately to help meet your unique security requirements.

For more details, see the user documentation on Encryption.

Amazon KMS manages the encryption keys for encrypted data at rest on EFS file systems. Amazon KMS is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. Amazon Key Management Service is integrated with Amazon Web Services services including Amazon EFS, Amazon EBS, and Amazon S3, to make it simple to encrypt your data with encryption keys that you manage. Amazon Key Management Service is also integrated with Amazon CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

You can enable encryption at rest in the EFS console or by using the Amazon CLI or SDKs. When creating a new file system in the EFS console, click “Create File System” and click the checkbox to enable encryption.

Data can be encrypted in transit between your Amazon EFS file system and its clients by using the EFS mount helper.

Encryption of data at rest and of data in transit can be configured together or separately to help meet your unique security requirements.

For more details, see the user documentation on Encryption.

To access EFS file systems from on-premises, you must have an Amazon Direct Connect connection between your on-premises datacenter and your Amazon VPC.

You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 protocol.

For more information about accessing EFS file systems from on-premises servers, please see the documentation.

You can mount your Amazon EFS file systems on your on-premises servers, and move file data to and from Amazon EFS using standard Linux tools and scripts. The ability to move file data to and from Amazon EFS file systems enables three use cases.

First, you can migrate data from on-premises datacenters to permanently reside in Amazon EFS file systems.

Second, you can support cloud bursting workloads to offload your application processing to the cloud. You can move data from your on-premises servers into your EFS file systems, analyze it on a cluster of EC2 instances in your Amazon VPC, and store the results permanently in your EFS file systems or move the results back to your on-premises servers.

Third, you can periodically copy your on-premises file data to EFS to support backup and disaster recovery scenarios.

Amazon EFS is integrated with a number of other Amazon Web Services services, including Amazon CloudWatch, Amazon CloudFormation, Amazon CloudTrail, Amazon IAM, and Amazon Tagging services.

Amazon CloudWatch allows you to monitor file system activity using metrics. Amazon CloudFormation allows you to create and manage file systems using templates.

Amazon CloudTrail allows you to record all Amazon EFS API calls in log files.

Amazon Identity and Access Management (IAM) allows you to control who can administer your file system. Amazon Web Services Tagging services allows you to label your file systems with metadata that you define.

With Amazon EFS, you pay only for what you use per month.

When using the Provisioned Throughput mode you pay for the throughput you provision per month. There is no minimum fee and there are no set-up charges.

EFS Standard-IA and EFS One Zone-IA are priced based on the amount of storage used and the amount of data accessed. Until Lifecycle Management fully moves your file to EFS Standard-IA or EFS One Zone-IA, it is stored on EFS Standard or EFS One Zoned and billed at the Standard or EFS One Zone rate, respectively, depending on where your data is stored.

For more Amazon EFS pricing information, please visit the Amazon EFS Pricing page.