Amazon EFS now delivers additional permissions for enhanced control of directory and file access



Amazon Elastic File System (Amazon EFS) supports the use of setgid and sticky bit special permissions on directories. This new capability allows users to customize access permissions for shared directories across a set of file system users.

When the setgid permission is set on a directory, files created in the directory belong to the group associated with the directory (instead of the group to which the user creating the file belongs). The sticky bit is used to restrict deletion and renaming of files to the owner of the file or directory or to the root user.
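The permissions described above can be applied and checked on a shared directory as follows. This is an added example, not code from AWS or from the article; the helper names `harden_shared_dir` and `audit_shared_dir` are hypothetical, mode 3770 is an assumed policy for a group-only share, and the demo runs on a constructed temporary directory rather than a real EFS mount.

```shell
#!/bin/sh
# Added illustration, not AWS code. harden_shared_dir and audit_shared_dir are
# hypothetical helper names; mode 3770 is an assumed policy for a group-only share.

# Set setgid (2000) + sticky (1000) + rwx for owner and group, nothing for others.
harden_shared_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    chmod 3770 "$1"
}

# Return 0 only if the directory has both bits, is not world-writable, and
# every subdirectory also carries setgid (directories created before the bit
# was set on the parent do not pick it up retroactively).
audit_shared_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ -g "$dir" ] || { echo "$dir: setgid not set, new files keep the creator's group"; rc=1; }
    [ -k "$dir" ] || { echo "$dir: sticky bit not set, any writer can delete or rename others' files"; rc=1; }
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "$dir: world-writable"; rc=1
    fi
    missing=$(find "$dir" -type d ! -perm -2000 ! -path "$dir")
    if [ -n "$missing" ]; then
        echo "subdirectories without setgid:"; echo "$missing"; rc=1
    fi
    return $rc
}

# Constructed demo on a throwaway directory; on a real system pass a path
# under the EFS mount point instead.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/old-project"              # created before hardening
audit_shared_dir "$demo_dir" || true       # reports the missing bits
harden_shared_dir "$demo_dir"
audit_shared_dir "$demo_dir" || true       # still flags old-project
chmod g+s "$demo_dir/old-project"
audit_shared_dir "$demo_dir" && echo "$demo_dir: shared-directory permissions OK"
rm -rf "$demo_dir"
```

The audit is worth re-running after bulk copies or restores, since tools that preserve source modes can create subdirectories without the setgid bit.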

Amazon EFS provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that can create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as the user adds and removes files, so that applications have the storage needed, when they need it.

When mounted on Amazon EC2 instances, an Amazon EFS file system provides a standard file system interface and file system access semantics, allowing seamless integration of Amazon EFS with existing applications and tools. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, allowing Amazon EFS to provide a common data source for workloads and applications running on more than one Amazon EC2 instance.

Users can also mount Amazon EFS file systems on on-premises datacenter servers when connected to Amazon VPC with AWS Direct Connect. Mounting EFS file systems on on-premises servers lets users migrate data sets to EFS, enable cloud bursting scenarios, or back up on-premises data to EFS.

Amazon EFS is designed for high availability and durability, and provides performance for a broad spectrum of use cases, including web and content serving, enterprise applications, media processing workflows, container storage and big data and analytics applications.

Amazon EFS also now supports running binary files that are configured as execute-only. This capability allows users to configure access permissions for executable files so that they can only be executed, not read or written.

Amazon EFS provides a file system interface (using standard operating system file I/O APIs) and file system access semantics (such as strong data consistency and file locking). Amazon EC2 instances mount Amazon EFS file systems via the NFSv4.1 protocol, using standard operating system mount commands.

Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for a broad range of workloads. With Amazon EFS, throughput and IOPS scale as a file system grows, and file operations are delivered with consistent, low latencies.

Amazon EFS lets users control access to file systems through POSIX permissions. It uses Amazon Virtual Private Cloud (Amazon VPC) to manage network access and AWS Identity and Access Management (IAM) to control access to Amazon EFS APIs, and it allows encryption of data at rest using keys managed by AWS Key Management Service (KMS).


WWPI – Covering the best in IT since 1980