Hello
You can use both IAM identity policies and resource policies to control client access to Amazon EFS resources in a way that is scalable and optimized for cloud environments. Using IAM, you can permit clients to perform specific actions on a file system, including read-only, write, and root access.
Please have a look here https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html
Thank You Ganesh
Greetings,
I see you are trying to set detailed access permissions on EFS.
There are a few options you can use to control access to directories and files in EFS.
- EFS file systems support Unix-style read, write, and execute permissions based on the user and group ID. https://docs.aws.amazon.com/efs/latest/ug/user-and-group-permissions.html
- Use a Resource Policy to grant read and write access permission to a specific AWS Role. https://docs.aws.amazon.com/efs/latest/ug/security_iam_resource-based-policy-examples.html
- Create an EFS access point and use an IAM policy to enforce that a specific NFS client, identified by its IAM role, can only access a specific access point. The access point should mount the file system on the directory you wish to grant access to. You can then set permissions on this directory. This option may be more in line with what you are trying to achieve. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html#access-points-iam-policy
Additional Resources:
[1] Mounting with EFS Access Points - https://docs.aws.amazon.com/efs/latest/ug/mounting-access-points.html
[2] Mounting with IAM Authorization - https://docs.aws.amazon.com/efs/latest/ug/mounting-IAM-option.html
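The access point option above, sketched as an added example that is not part of the original answer: it builds an EFS file system policy that pins each IAM role to one access point and lints any policy for Allow statements that escape that scoping. The account ID, role names and access point IDs are constructed placeholders; permissions on individual files inside each access point directory are still the POSIX user and group permissions from the first option.

```python
import json

# Constructed placeholder values (assumptions, not taken from the thread).
ACCOUNT = "111122223333"
BINDINGS = [  # (IAM role ARN, access point ARN, writable?)
    (f"arn:aws:iam::{ACCOUNT}:role/reports-reader",
     f"arn:aws:elasticfilesystem:us-east-1:{ACCOUNT}:access-point/fsap-EXAMPLE1", False),
    (f"arn:aws:iam::{ACCOUNT}:role/ingest-writer",
     f"arn:aws:elasticfilesystem:us-east-1:{ACCOUNT}:access-point/fsap-EXAMPLE2", True),
]

def build_policy(bindings):
    """One Allow per role, valid only when mounting through that role's access point."""
    statements = []
    for i, (role_arn, ap_arn, writable) in enumerate(bindings):
        actions = ["elasticfilesystem:ClientMount"]  # ClientMount alone is read-only
        if writable:
            actions.append("elasticfilesystem:ClientWrite")
        statements.append({
            "Sid": f"Role{i}ViaAccessPoint",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": actions,
            "Condition": {"StringEquals": {"elasticfilesystem:AccessPointArn": ap_arn}},
        })
    # Refuse any client connection that does not use TLS.
    statements.append({
        "Sid": "DenyUnencryptedTransport", "Effect": "Deny", "Principal": {"AWS": "*"},
        "Action": "*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    return {"Version": "2012-10-17", "Statement": statements}

def unscoped_allows(policy):
    """Sids of Allow statements not pinned to an access point, or granting root access."""
    bad = []
    for s in policy["Statement"]:
        if s["Effect"] != "Allow":
            continue
        cond = s.get("Condition", {}).get("StringEquals", {})
        actions = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        if ("elasticfilesystem:AccessPointArn" not in cond
                or "elasticfilesystem:ClientRootAccess" in actions):
            bad.append(s["Sid"])
    return bad

if __name__ == "__main__":
    print(json.dumps(build_policy(BINDINGS), indent=2))
```

The printed JSON can be attached with `aws efs put-file-system-policy`, and it only takes effect for clients that mount with IAM authorization through the access point, as covered in links [1] and [2].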
Hi Ganesh, thanks for your reply. This seems to apply to the whole filesystem. I need to be able to have a way to set fairly granular permissions on the files within the filesystems, just like we normally can do on an NFSv4 mount. Did I miss something in the link you shared?
I have never done this before, but there is something related here. Did you look at this before? https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html