The AWS EFS add-on facilitates access to Amazon EFS for Kubernetes workloads running on a managed Kubernetes cluster.
To use the AWS EFS add-on for your Kubernetes cluster, ensure you have created an AWS IAM Role with the necessary permissions to use the AWS EFS filesystem. The ARN (Amazon Resource Name) of this role is required for the configuration steps that follow. For the required permissions, you can attach the managed policy AmazonEFSCSIDriverPolicy to the IAM Role and verify that the EFS filesystem policy permits access.
The AWS EFS add-on can be enabled for your Kubernetes cluster either during the cluster creation process or at any time thereafter. The following sections outline the methods for enabling the add-on:
Through Cluster Manifest: Add the following snippet to your cluster manifest when creating the cluster:
Using the Console: If you’re creating the cluster through the console, navigate to Add-ons, find the AWS EFS add-on in the list of available add-ons, toggle it on, and then enter the ROLE ARN required for accessing the AWS EFS filesystem.
If the AWS EFS add-on was not enabled during the cluster creation, you can still enable it using either of the following methods:
To enable the AWS EFS add-on after cluster creation, add the following to your cluster’s YAML manifest:
Direct Edit & Apply: Navigate to your cluster in the Console, and use the Edit & Apply option.
CLI Application: Apply the entire manifest using the cpln apply >_ command or through the cpln CLI.
Kubernetes in the left sidebar, and click on the cluster you wish to configure.
Add-ons, find the AWS EFS add-on in the list, and toggle it on.
After enabling the AWS EFS add-on, two additional steps are required before you can successfully create Kubernetes volumes using AWS EFS.
First, it’s essential to update the trust policy to grant the Managed Kubernetes cluster the necessary permissions to assume the AWS Role for accessing AWS EFS. This step ensures that your Kubernetes cluster can securely interact with the AWS EFS service.
Second, you must properly configure the Kubernetes Storage Class. This configuration allows Kubernetes to understand how to provision storage based on AWS EFS for your applications.
Follow the steps below to configure:
Skip this step if you have already created the provider as part of the AWS Workload Identity configuration.
Access management, select Identity providers and then click Add provider.
OpenID Connect, paste the Provider URL obtained in the previous step, and click Get thumbprint.
Audience field, enter sts.amazonaws.com.
Trust Policy of the IAM Role in your AWS Account to reflect these changes.
Create the following Storage Class in your Managed Kubernetes cluster. For guidance on accessing your cluster, refer to the documentation page of your Provider.
Be sure to replace the fileSystemId with the correct one from your account.
Create the following PersistentVolumeClaim and Pod in your Managed Kubernetes cluster. This example demonstrates creating a Pod that writes the current date to a file every 5 seconds, using a volume backed by AWS EFS, as configured previously.
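To review the IAM Role's trust policy from the identity provider step, the following added example (not part of the original documentation) checks that the role trusts only the expected OIDC provider and pins the sts.amazonaws.com audience. The function names, provider host, account ID and subject value are assumptions made for illustration.

```python
AUDIENCE = "sts.amazonaws.com"  # audience entered for the identity provider on this page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, provider_host):
    """Return findings for an IAM role trust policy that should trust one OIDC provider.

    provider_host is the Provider URL without the https:// prefix.
    """
    findings, trusted = [], False
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else [principal]
        if not federated or not all(str(p).endswith(":oidc-provider/" + provider_host) for p in federated):
            findings.append(f"statement {n}: principal is not limited to the expected OIDC provider")
            continue
        trusted = True
        conditions = stmt.get("Condition", {})
        aud = _as_list(conditions.get("StringEquals", {}).get(provider_host + ":aud", []))
        if aud != [AUDIENCE]:
            findings.append(f"statement {n}: {provider_host}:aud is not pinned to {AUDIENCE}")
        if not any(provider_host + ":sub" in cond for cond in conditions.values()):
            findings.append(f"statement {n}: no :sub condition, any identity the provider issues a token for can assume the role")
    if not trusted:
        findings.append("no statement trusts the expected OIDC provider")
    return findings

# Constructed sample values: placeholder provider host, account ID and subject.
HOST = "oidc.example.invalid/cluster-placeholder"

def sample_policy(condition):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
            "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{HOST}"}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

PINNED = sample_policy({"StringEquals": {
    f"{HOST}:aud": AUDIENCE,
    f"{HOST}:sub": "system:serviceaccount:NAMESPACE:SERVICE_ACCOUNT"}})
LOOSE = sample_policy(None)  # trusts the provider but sets no conditions

if __name__ == "__main__":
    for name, policy in (("pinned", PINNED), ("loose", LOOSE)):
        print(name, check_trust_policy(policy, HOST) or "ok")
```

The policy document to check can be taken from the role's trust relationship in the AWS console and loaded with `json.loads`.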