adam121 - Fotolia
Amazon Web Services released its Elastic File System to provide flexible storage for Amazon workloads, allowing storage capacity to grow or shrink as data is added or removed. Multiple workloads can also share EFS instances, providing common storage for applications.
Elastic File System (EFS) is designed for security -- minimizing the workloads and users who can access each EFS instance. For example, EFS restricts access to selected Elastic Compute Cloud (EC2) instances that reside in an Amazon Virtual Private Cloud (VPC).
A VPC allows users to define a logical network within the cloud where admins can deploy AWS resources like EC2 instances. IT teams can configure VPCs with user-selected IP addresses, subnets, routing tables and gateways to create a completely unique network that can be more difficult for attackers to find in the first place. It is possible to use VPCs to create public-facing networks that are isolated from critical back-end services. VPC security groups and network access control lists are also used to restrict network access to EFS instances.
Amazon EFS handles read, write and execute permissions down to the group and user levels; this can restrict access to specific directories or even individual files. The addition of AWS Identity and Access Management services ensures secure authentication for each user and connects users with authorized cloud resources.
Finally, AWS EFS is integrated with AWS CloudTrail, which provides detailed reports on API calls for the account made through the AWS Management Console, AWS Command Line Interface (CLI), AWS CloudFormation or AWS Software Development Kits. Log data includes details such as who called the API, call times, source IP addresses and so on. Log data can then be used to assess security, track changed resources and even help ensure compliance or audits in the cloud.
AWS EFS can be managed using a variety of platforms including the Web-based AWS Management Console, the AWS CLI and the Amazon EFS API. This allows developers to integrate EFS into software development. These management platforms allow administrators to create and delete EFS instances, configure access to the EFS instances, report details on AWS resources and manage security for users and groups.
The management method you choose depends on your particular preferences and workflow habits. For example, a business trying to automate or standardize EFS activities might prefer running scripts through the CLI, while software developers might opt to create unique tools using APIs. Each option will yield the same level of control and provide the same reporting.
Amazon Elastic File System roadmap details revealed
AWS logging tools provide extra security
Dig Deeper on AWS security
Related Q&A from Stephen J. Bigelow
Full virtualization and paravirtualization both enable hardware resource abstraction, but the two technologies differ when it comes to isolation ... Continue Reading
Organizations can cap their hyper-converged infrastructure costs when they deploy the Azure Stack HCI platform, but once they plug into the cloud, ... Continue Reading
You can implement ESXi on ARM -- or other RISC processors -- in micro and nano data centers. A nano data center is more specialized but also more ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.