Amazon EFS Cheat Sheet

Home » AWS Certification Cheat Sheets » AWS Certified Solutions Architect Associate Cheat Sheets » AWS Storage » Amazon EFS Cheat Sheet


Amazon EFS Cheat Sheet for the AWS Certified Solutions Architect Associate (SAA-C02) exam. This AWS cheat sheet contains detailed exam-specific facts to help you pass your AWS Certified Solutions Architect exam.

Amazon EFS Cheat Sheet

EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud.

Implementation of an NFS file share and is accessed using the NFS protocol.

Elastic storage capacity and pay for what you use (in contrast to EBS with which you pay for what you provision).

Multi-AZ metadata and data storage.

Can configure mount-points in one, or many, AZs.

Can be mounted from on-premises systems ONLY if using Direct Connect or a VPN connection.

Good for big data and analytics, media processing workflows, content management, web serving, home directories etc.

Pay for what you use (no pre-provisioning required).

Can scale up to petabytes.

EFS is elastic and grows and shrinks as you add and remove data.

Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.

A file system can be accessed concurrently from all AZs in the region where it is located.

The following diagram depicts the various options for mounting an EFS filesystem:

Amazon EFS Overview

By default you can create up to 10 file systems per account.

Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN.

You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 protocol.

Can choose General Purpose or Max I/O (both SSD).

The VPC of the connecting instance must have DNS hostnames enabled.

EFS provides a file system interface, file system access semantics (such as strong consistency and file locking).

Data is stored across multiple AZ’s within a region.

Read after write consistency.

Need to create mount targets and choose AZ’s to include (recommended to include all AZ’s).

Instances can be behind an ELB.

EC2 Classic instances must mount via ClassicLink.

EFS is compatible with all Linux-based AMIs for Amazon EC2.

Prefer to learn by doing? In the AWS Hands-On Labs video tutorial below, we’ll show you how to create an Amazon EFS filesystem and mount the filesystem to a Linux instance running on Amazon EC2.

Using the EFS-to-EFS Backup solution, you can schedule automatic incremental backups of your Amazon EFS file system.

The following table provides a comparison of the storage characteristics of EFS vs EBS:

Storage Characteristics Comparison EFS and EBS


There are two performance modes:

“General Purpose” performance mode is appropriate for most file systems.

“Max I/O” performance mode is optimized for applications where tens, hundreds, or thousands of EC2 instances are accessing the file system.

Amazon EFS is designed to burst to allow high throughput levels for periods of time.

Amazon EFS file systems are distributed across an unconstrained number of storage servers, enabling file systems to grow elastically to petabyte scale and allowing massively parallel access from Amazon EC2 instances to your data.

This distributed data storage design means that multithreaded applications and applications that concurrently access data from multiple Amazon EC2 instances can drive substantial levels of aggregate throughput and IOPS.

The table below compares high-level performance and storage characteristics for AWS’s file  (EFS) and block (EBS) cloud storage offerings:

Performance Comparison EFS and EBS

Access Control

When you create a file system, you create endpoints in your VPC called “mount targets”.

When mounting from an EC2 instance, your file system’s DNS name, which you provide in your mount command, resolves to a mount target’s IP address.

You can control who can administer your file system using IAM.

You can control access to files and directories with POSIX-compliant user and group-level permissions.

POSIX permissions allow you to restrict access from hosts by user and group .

EFS Security Groups act as a firewall, and the rules you add define the traffic flow.

EFS Encryption

EFS offers the ability to encrypt data at rest and in transit.

Encryption keys are managed by the AWS Key Management Service (KMS).

Data encryption in transit uses industry standard Transport Layer Security (TLS) 1.2 to encrypt data sent between your clients and EFS file systems.

Data encrypted at rest is transparently encrypted while being written, and transparently decrypted while being read.

Enable encryption at rest in the EFS console or by using the AWS CLI or SDKs.

Encryption of data at rest and of data in transit can be configured together or separately to help meet your unique security requirements.


EFS is integrated with a number of other AWS services, including CloudWatch, CloudFormation, CloudTrail, IAM, and Tagging services.

CloudWatch allows you to monitor file system activity using metrics.

CloudFormation allows you to create and manage file systems using templates.

CloudTrail allows you to record all Amazon EFS API calls in log files.

IAM allows you to control who can administer your file system.

Tagging services allows you to label your file systems with metadata that you define.

Pricing and Billing

You pay only for the amount of file system storage you use per month.

When using the Provisioned Throughput mode you pay for the throughput you provision per month.

There is no minimum fee and there are no set-up charges.

Also in AWS Storage

Amazon S3

Amazon Elastic Block Store

Amazon Storage Gateway

Amazon FSx