Amazon EFS

Concepts Covered

• Amazon EFS
• Shared file storage
• NFS
• Mount targets
• Security groups
• Access points
• Regional and One Zone file systems
• Performance and throughput modes
• Storage classes
• EFS versus S3, EBS, FSx, and instance store

1. Plain-English Mental Model

Amazon Elastic File System, or EFS, is managed elastic shared file storage.

The simple model is:

many Linux clients -> NFS mount target -> shared EFS file system

EFS behaves like a file system that multiple compute clients can mount. EC2 instances, containers, and Lambda functions can use it when they need shared files and POSIX-style file access.

S3 stores objects through an API. EBS gives an EC2 instance a block device. EFS gives multiple clients a shared NFS file system.

The main exam phrase is "shared file system for multiple instances."

2. Why This Service Exists

Some applications expect a shared file system.

A lift-and-shift Linux application may read and write common directories. Web servers may need shared user uploads. Containers may need shared persistent files. Lambda functions may need access to a shared model or dependency set. Build systems may need shared artifacts.

Without EFS, teams might try to put files on one EC2 instance and share them manually, or attach EBS volumes in unsafe patterns, or force object storage into file-system semantics.

EFS exists to provide managed shared file storage without provisioning capacity in advance.

For SAA-C03, EFS appears in questions about NFS, Linux shared file storage, multiple EC2 instances mounting the same file system, serverless shared files, elastic capacity, multi-AZ mount targets, and storage classes for file data.

3. The Naive Approach And Where It Breaks

The naive pattern is one EC2 file server:

many app servers -> one EC2 NFS server -> EBS volume

This creates patching, scaling, backup, failure, and capacity management work. If the file server fails, the application may fail.

Another naive pattern is to use S3 as a mounted file system. S3 is object storage and does not provide the same POSIX semantics as a shared NFS file system.

Another mistake is choosing EFS for every storage problem. A database on EC2 usually wants EBS. User-uploaded immutable objects usually want S3. Windows SMB workloads often point to FSx for Windows File Server.

EFS is excellent when the requirement is shared Linux file access.

4. Core Primitives

An EFS file system is the managed shared file system.

A mount target is an elastic network interface in a subnet that clients use to mount the file system.

Mount targets should exist in the Availability Zones where clients run.

NFS is the file protocol used by Linux clients.

Security groups control network access to mount targets.

Access points provide application-specific entry points with enforced user, group, and directory settings.

Regional file systems store data redundantly across multiple Availability Zones. One Zone file systems store data in one Availability Zone for lower cost and specific workloads.

Throughput modes and performance settings determine how performance scales.

5. Architecture Use Cases

Use EFS for multiple EC2 instances that need shared files:

Auto Scaling group -> EFS mount targets -> shared content directory

Use EFS with ECS, EKS, or Fargate workloads that need persistent shared file storage.

Use EFS with Lambda when functions need a shared file system for models, libraries, or state that does not fit in ephemeral local storage.

Use access points to isolate application directories and permissions.

Use lifecycle management and infrequent access storage classes for file data that ages into lower-access patterns.

Use AWS Backup to centrally back up EFS file systems.

7. Security Model

EFS security includes network controls, file permissions, IAM options, encryption, and access points.

Clients connect through mount targets in a VPC. Security groups should allow NFS only from intended client security groups.

File permissions still matter. EFS does not remove Linux ownership and permission concepts.

Access points can enforce application-specific root directories and POSIX identities.

Encryption at rest and encryption in transit should be enabled when required.

IAM authorization can be used with the EFS mount helper for stronger client authorization patterns.

Backups and replicas should be protected because they contain the same file data.

8. Reliability And Resilience

Regional EFS file systems are designed to provide multi-AZ resilience.

Create mount targets in each Availability Zone where clients run to avoid cross-AZ dependencies and improve availability.

One Zone EFS is lower cost but stores data in one AZ, so it is not the same resilience profile as Regional EFS.

EFS is managed, but applications still need to handle file locks, concurrent writes, permissions, and client retry behavior.

Use AWS Backup and restore testing for recovery from accidental delete, corruption, or bad application writes.

9. Performance And Scaling

EFS capacity scales automatically as files are added and removed.

Performance depends on workload shape, throughput mode, storage class, client count, file sizes, and metadata operations.

Many small files and metadata-heavy workloads may behave differently from large sequential file workloads.

Elastic throughput can scale with workload activity. Provisioned throughput can fit workloads that need predictable throughput independent of storage size.

EFS is not usually the right storage for high-performance Windows SMB applications or HPC scratch workloads. FSx may fit those better.

10. Cost Model

EFS cost depends on storage used, storage class, throughput mode, and data access patterns.

It can be more expensive than S3 for object-style data because it provides file-system semantics and shared access.

Lifecycle management can move infrequently accessed file data to lower-cost EFS storage classes.

One Zone EFS can reduce cost when single-AZ storage is acceptable.

Use EFS when shared file semantics are worth the cost, not as a casual replacement for object storage.

12. SAA-C03 Exam Signals

"Shared file system for multiple EC2 instances" points to EFS.

"NFS" points to EFS for Linux shared file storage.

"Elastic file storage without provisioning capacity" points to EFS.

"Lambda functions need shared file access" can point to EFS.

"Windows SMB file shares" points to FSx for Windows File Server.

"High-performance Lustre file system" points to FSx for Lustre.

"Object storage for uploads" points to S3.

13. Common Exam Traps

Do not use EBS as the general shared file answer for many instances.

Do not use S3 when POSIX shared file semantics are required.

Do not choose EFS for Windows SMB requirements.

Do not ignore mount targets and security groups.

Do not confuse Regional EFS with One Zone EFS resilience.

Do not forget backup and restore testing for file data.

15. Related Topics

Review S3 vs EBS vs EFS vs Instance Store, Amazon S3, Amazon FSx, AWS Backup, and Amazon ECS And AWS Fargate.

Official AWS references:

• What is Amazon Elastic File System?
• Amazon EFS performance
• Using Amazon EFS access points