feat(efs): allow to specify az for one-zone (#30010)

### Issue # (if applicable) This PR allows users to specify AZ for the one-zone filesystems through the `vpcSubnets.availabilityZones`. Before this PR, `vpcSubnets` is not allowed when `oneZone` is enabled, this PR removes the restriction and takes the following use cases into considerations: - [x] create a regional EFS file system with a mount target for each AZ - [x] create a one-zone EFS file system with mount target at the auto-selected AZ - [x] create a one-zone EFS file system at specified AZ with a single mount target at that AZ - [x] create a regional EFS file system with a single mount target at the specified AZ Closes #30005 ### Reason for this change ### Description of changes ### Description of how you validated changes 1. Add additional unit tests. 2. I have deployed the code below and validated from my AWS console. ```ts // create a regional EFS file system with a mount target for each AZ new FileSystem(stack, 'FileSystem1', { vpc, }); // create a one-zone EFS file system with mount target at the auto-selected AZ new FileSystem(stack, 'FileSystem2', { vpc, oneZone: true, }); // create a one-zone EFS file system at specified AZ with a single mount target at that AZ new FileSystem(stack, 'FileSystem3', { vpc, oneZone: true, vpcSubnets: { availabilityZones: [vpc.availabilityZones[1]], }, }); // create a regional EFS file system with a single mount target at the specified AZ new FileSystem(stack, 'FileSystem4', { vpc, vpcSubnets: { availabilityZones: [vpc.availabilityZones[2]], }, }); ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · May 1, 2024 · cbf130e · cbf130e
1 parent c389a8b
commit cbf130e
Show file tree

Hide file tree

Showing 11 changed files with 607 additions and 263 deletions.
diff --git a/.../asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js b/.../asset.4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292/__entrypoint__.js
diff --git a/.../asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js b/.../asset.bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1/__entrypoint__.js
diff --git a/...4866d2377fe174883351e7639097f292/index.js → ...b0f5eb5345005114dd60342e0b8a85a1/index.js b/...4866d2377fe174883351e7639097f292/index.js → ...b0f5eb5345005114dd60342e0b8a85a1/index.js
diff --git a/...framework-integ/test/aws-efs/test/integ.efs-filesystem-one-zone.js.snapshot/manifest.json b/...framework-integ/test/aws-efs/test/integ.efs-filesystem-one-zone.js.snapshot/manifest.json
diff --git a/...ws-efs/test/integ.efs-filesystem-one-zone.js.snapshot/test-efs-one-zone-integ.assets.json b/...ws-efs/test/integ.efs-filesystem-one-zone.js.snapshot/test-efs-one-zone-integ.assets.json
diff --git a/...-efs/test/integ.efs-filesystem-one-zone.js.snapshot/test-efs-one-zone-integ.template.json b/...-efs/test/integ.efs-filesystem-one-zone.js.snapshot/test-efs-one-zone-integ.template.json
@@ -489,7 +489,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "4554b47be6f57b68c6c7a7391dcc73894866d2377fe174883351e7639097f292.zip"
+     "S3Key": "bde7b5c89cb43285f884c94f0b9e17cdb0f5eb5345005114dd60342e0b8a85a1.zip"
     },
     "Timeout": 900,
     "MemorySize": 128,
@@ -589,6 +589,89 @@
      "Ref": "VpcPrivateSubnet1Subnet536B997A"
     }
    }
+  },
+  "FileSystem2C84D7800": {
+   "Type": "AWS::EFS::FileSystem",
+   "Properties": {
+    "AvailabilityZoneName": {
+     "Fn::Select": [
+      1,
+      {
+       "Fn::GetAZs": ""
+      }
+     ]
+    },
+    "Encrypted": true,
+    "FileSystemPolicy": {
+     "Statement": [
+      {
+       "Action": [
+        "elasticfilesystem:ClientRootAccess",
+        "elasticfilesystem:ClientWrite"
+       ],
+       "Condition": {
+        "Bool": {
+         "elasticfilesystem:AccessedViaMountTarget": "true"
+        }
+       },
+       "Effect": "Allow",
+       "Principal": {
+        "AWS": "*"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "FileSystemTags": [
+     {
+      "Key": "Name",
+      "Value": "test-efs-one-zone-integ/FileSystem2"
+     }
+    ]
+   },
+   "UpdateReplacePolicy": "Retain",
+   "DeletionPolicy": "Retain"
+  },
+  "FileSystem2EfsSecurityGroup2AF8F758": {
+   "Type": "AWS::EC2::SecurityGroup",
+   "Properties": {
+    "GroupDescription": "test-efs-one-zone-integ/FileSystem2/EfsSecurityGroup",
+    "SecurityGroupEgress": [
+     {
+      "CidrIp": "0.0.0.0/0",
+      "Description": "Allow all outbound traffic by default",
+      "IpProtocol": "-1"
+     }
+    ],
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "test-efs-one-zone-integ/FileSystem2"
+     }
+    ],
+    "VpcId": {
+     "Ref": "Vpc8378EB38"
+    }
+   }
+  },
+  "FileSystem2EfsMountTargetPrivateSubnet26E5947D6": {
+   "Type": "AWS::EFS::MountTarget",
+   "Properties": {
+    "FileSystemId": {
+     "Ref": "FileSystem2C84D7800"
+    },
+    "SecurityGroups": [
+     {
+      "Fn::GetAtt": [
+       "FileSystem2EfsSecurityGroup2AF8F758",
+       "GroupId"
+      ]
+     }
+    ],
+    "SubnetId": {
+     "Ref": "VpcPrivateSubnet2Subnet3788AAA1"
+    }
+   }
   }
  },
  "Parameters": {