Skip to content

Commit

Permalink
feat(efs): allow to specify az for one-zone (#30010)
Browse files Browse the repository at this point in the history
### Issue # (if applicable)

This PR allows users to specify AZ for the one-zone filesystems through the `vpcSubnets.availabilityZones`. Before this PR, `vpcSubnets` is not allowed when `oneZone` is enabled, this PR removes the restriction and takes the following use cases into considerations:

- [x] create a regional EFS file system with a mount target for each AZ
- [x] create a one-zone EFS file system with mount target at the auto-selected AZ
- [x] create a one-zone EFS file system at specified AZ with a single mount target at that AZ
- [x] create a regional EFS file system with a single mount target at the specified AZ

Closes #30005

### Reason for this change



### Description of changes



### Description of how you validated changes

1. Add additional unit tests.
2. I have deployed the code below and validated from my AWS console.

```ts
// create a regional EFS file system with a mount target for each AZ
new FileSystem(stack, 'FileSystem1', {
  vpc,
});

// create a one-zone EFS file system with mount target at the auto-selected AZ
new FileSystem(stack, 'FileSystem2', {
  vpc,
  oneZone: true,
});

// create a one-zone EFS file system at specified AZ with a single mount target at that AZ
new FileSystem(stack, 'FileSystem3', {
  vpc,
  oneZone: true,
  vpcSubnets: {
    availabilityZones: [vpc.availabilityZones[1]],
  },
});

// create a regional EFS file system with a single mount target at the specified AZ
new FileSystem(stack, 'FileSystem4', {
  vpc,
  vpcSubnets: {
    availabilityZones: [vpc.availabilityZones[2]],
  },
});

```


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
pahud authored May 1, 2024
1 parent c389a8b commit cbf130e
Show file tree
Hide file tree
Showing 11 changed files with 607 additions and 263 deletions.

This file was deleted.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -489,7 +489,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292.zip"
"S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip"
},
"Timeout": 900,
"MemorySize": 128,
Expand Down Expand Up @@ -589,6 +589,89 @@
"Ref": "VpcPrivateSubnet1Subnet536B997A"
}
}
},
"FileSystem2C84D7800": {
"Type": "AWS::EFS::FileSystem",
"Properties": {
"AvailabilityZoneName": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
},
"Encrypted": true,
"FileSystemPolicy": {
"Statement": [
{
"Action": [
"elasticfilesystem:ClientRootAccess",
"elasticfilesystem:ClientWrite"
],
"Condition": {
"Bool": {
"elasticfilesystem:AccessedViaMountTarget": "true"
}
},
"Effect": "Allow",
"Principal": {
"AWS": "*"
}
}
],
"Version": "2012-10-17"
},
"FileSystemTags": [
{
"Key": "Name",
"Value": "test-efs-one-zone-integ/FileSystem2"
}
]
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"FileSystem2EfsSecurityGroup2AF8F758": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "test-efs-one-zone-integ/FileSystem2/EfsSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"Tags": [
{
"Key": "Name",
"Value": "test-efs-one-zone-integ/FileSystem2"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
}
},
"FileSystem2EfsMountTargetPrivateSubnet26E5947D6": {
"Type": "AWS::EFS::MountTarget",
"Properties": {
"FileSystemId": {
"Ref": "FileSystem2C84D7800"
},
"SecurityGroups": [
{
"Fn::GetAtt": [
"FileSystem2EfsSecurityGroup2AF8F758",
"GroupId"
]
}
],
"SubnetId": {
"Ref": "VpcPrivateSubnet2Subnet3788AAA1"
}
}
}
},
"Parameters": {
Expand Down
Loading

0 comments on commit cbf130e

Please sign in to comment.