Skip to content

ECSBuilder

Bases: AbstractAWSResourceBuilder['EfsBuilder', EfsConfig]

AWS CDK builder for comprehensive EFS (Elastic File System) infrastructure deployment.

Orchestrates the creation of scalable, fully managed NFS file systems with configurable performance characteristics, throughput modes, encryption settings, and fine-grained access control through EFS access points. Supports cross-account parameter sharing for multi-environment deployments and organizational security standards.

The builder creates: - EFS file system with configurable performance and throughput modes - KMS encryption for data at rest when enabled - Security group integration for network access control - Multiple access points with POSIX user/group enforcement - SSM parameter storage for cross-stack references - Cross-account resource sharing for DevOps environments - IAM policies for service integration (DataSync, ECS, etc.)

Source code in mare_aws_common_lib/builders/efs_builder.py 
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
class EfsBuilder(AbstractAWSResourceBuilder["EfsBuilder", EfsConfig]):
    """AWS CDK builder for comprehensive EFS (Elastic File System) infrastructure deployment.

    Orchestrates the creation of scalable, fully managed NFS file systems with configurable
    performance characteristics, throughput modes, encryption settings, and fine-grained
    access control through EFS access points. Supports cross-account parameter sharing
    for multi-environment deployments and organizational security standards.

    The builder creates:
    - EFS file system with configurable performance and throughput modes
    - KMS encryption for data at rest when enabled
    - Security group integration for network access control
    - Multiple access points with POSIX user/group enforcement
    - SSM parameter storage for cross-stack references
    - Cross-account resource sharing for DevOps environments
    - IAM policies for service integration (DataSync, ECS, etc.)
    """
    _resource_type: AWSResourceType = AWSResourceType.EFS

    def reset(self) -> None:
        """Reset builder state and clear configuration data.

        Initializes the builder for a new build cycle by clearing all
        configuration data and resetting internal state to default values.
        """
        super().reset()
        self._efs_base_name: str = None
        self._efs_security_group: ec2.SecurityGroup = None
        self._file_system: efs.FileSystem = None
        self._access_points: List[efs.AccessPoint]

    def set_efs_base_name(self, name: str) -> 'EfsBuilder':
        """Set the base name for the EFS file system.

        Configures the fundamental identifier used for naming the EFS file system
        and related resources including access points and SSM parameters.

        Args:
            name: Base name for the EFS file system (will be combined with environment context)

        Returns:
            Self for method chaining
        """
        self._efs_base_name = name
        return self

    def build(self, scope: Construct) -> efs.FileSystem:
        super().build()

        vpc_logical_id = f"vpc-ecs-{self._config.efs_base_name.lower().replace("-", "_")}"
        vpc: ec2.Vpc = self._application_helper.get_vpc(vpc_logical_id, scope)

        self._efs_security_group = self._get_efs_security_group(scope, vpc)

        # Create L2 EFS file system
        self._file_system: efs.FileSystem = self._create_efs_file_system(scope, vpc)

        # Create access points if configured
        self._access_points = self._create_access_points(scope, self._file_system)

        # Store EFS information in SSM for other stacks
        self._store_efs_parameters(scope, self._file_system, self._access_points)

        return self._file_system

    def _create_efs_file_system(self, scope: Construct, vpc: ec2.Vpc) -> efs.FileSystem:
        """Create the EFS file system with full configuration.

        Creates the core EFS file system resource with performance optimization,
        security configuration, encryption settings, and network placement. Handles
        both encrypted and unencrypted scenarios with appropriate KMS key integration.

        Args:
            scope: CDK construct scope for resource creation
            vpc: VPC instance for file system network placement

        Returns:
            Configured EFS FileSystem instance
        """
        efs_name = self._get_name_for_resource(
            f"{self._application_helper.get_target_env()}-{self._config.efs_base_name}",
            max_length=AWSResourceNameLength.EFS.value
        )

        kms_key: kms.Key = None
        if self._config.encrypted:
            kms_key = self._get_snc_key_by_alias(scope, self._config.use_foundation_key, self._config.efs_base_name)

        file_system = efs.FileSystem(
            scope,
            self._get_cfn_logical_id("efs-filesystem"),
            vpc=vpc,
            file_system_name=efs_name,
            performance_mode=self._config.get_performance_mode(),
            throughput_mode=self._config.get_throughput_mode(),
            security_group=self._efs_security_group,
            vpc_subnets=ec2.SubnetSelection(
                subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
            ),
            removal_policy=self._config.get_removal_policy(),
            encrypted=self._config.encrypted,
            kms_key=kms_key,
            file_system_policy=self._create_efs_policy()
        )

        return file_system

    def _create_efs_policy(self) -> iam.PolicyDocument:
        """Create EFS file system resource policy for service integration.

        Generates an IAM policy document that allows necessary EFS operations
        for AWS service integration, particularly DataSync for backup and
        migration operations. The policy ensures secure access through
        mount targets while maintaining proper access controls.

        Returns:
            IAM PolicyDocument with EFS access permissions for service integration
        """
        return iam.PolicyDocument(
            statements=[
                iam.PolicyStatement(
                    effect=iam.Effect.ALLOW,
                    principals=[iam.AnyPrincipal()],
                    actions=[
                        "elasticfilesystem:ClientMount", # Required for DataSync
                        "elasticfilesystem:ClientRootAccess",
                        "elasticfilesystem:ClientWrite"
                    ],
                    resources=["*"],
                    conditions={
                        "Bool": {
                            "elasticfilesystem:AccessedViaMountTarget": "true"
                        }
                    }
                )
            ]
        )

    def _get_efs_security_group(self, scope: Construct, vpc: ec2.IVpc) -> ec2.SecurityGroup:
        """Retrieve security group for EFS network access control.

        Fetches the pre-configured security group that controls network access
        to the EFS file system, ensuring proper isolation and access patterns
        for EFS mount operations from authorized sources.

        Args:
            scope: CDK construct scope for resource lookup
            vpc: VPC instance containing the security group

        Returns:
            Security group configured for EFS access patterns

        Note:
            The security group name follows organizational conventions:
            "own-efs-sg" and must exist in the target VPC before EFS deployment.
        """
        full_name, _ = ResourceNaming.get_name_for_resource(
            self._application_helper, 
            AWSResourceType.SG, 
            resource_name="own-efs-sg",
            max_length=AWSResourceNameLength.SEC_GROUP.value
        )
        return self._get_security_group_by_name(scope, vpc, full_name)

    def _get_security_group_by_name(self, scope: Construct, vpc: ec2.IVpc, sg_name: str) -> ec2.SecurityGroup:
        """Lookup and return an immutable security group reference by name.

        Retrieves a security group by name and returns an immutable reference
        to prevent accidental modification of existing security group rules
        during infrastructure deployment.

        Args:
            scope: CDK construct scope for resource lookup
            vpc: VPC instance containing the security group
            sg_name: Name of the security group to lookup

        Returns:
            Immutable security group reference for safe usage in EFS configuration
        """
        mutable_security_group: ec2.SecurityGroup = ec2.SecurityGroup.from_lookup_by_name(scope, f"m-{sg_name}",
                                                                                          sg_name, vpc)
        immutable_security_group: ec2.SecurityGroup = ec2.SecurityGroup.from_security_group_id(scope, sg_name,
                                                                                               mutable_security_group.security_group_id,
                                                                                               mutable=False)
        return immutable_security_group

    def _create_access_points(self, scope: Construct, file_system: efs.FileSystem) -> List[efs.AccessPoint]:
        """Create EFS access points with POSIX user and permission enforcement.

        Creates configured access points that provide application-specific entry
        points into the EFS file system with predefined user/group identities,
        directory paths, and file system permissions for enhanced security.

        Args:
            scope: CDK construct scope for access point creation
            file_system: EFS file system to attach access points to

        Returns:
            List of configured EFS access points for fine-grained access control
        """
        access_points = []

        if not self._config.access_points:
            return access_points

        for ap_config in self._config.access_points:
            acl = None
            if ap_config.create_creation_info:
                # Access Control List
                acl = efs.Acl(
                    owner_uid=str(ap_config.owner_uid),
                    owner_gid=str(ap_config.owner_gid),
                    permissions=ap_config.permissions
                )

            posix_user = None
            if ap_config.create_posix_user:
                posix_user = efs.PosixUser(
                    uid=str(ap_config.posix_uid),
                    gid=str(ap_config.posix_gid)
                )

            access_point = efs.AccessPoint(
                scope,
                self._get_cfn_logical_id(f"access-point-{ap_config.name}"),
                file_system=file_system,
                path=ap_config.path,
                create_acl=acl,
                posix_user=posix_user
            )
            access_points.append(access_point)

        return access_points

    def _store_efs_parameters(self, scope: Construct, file_system: efs.FileSystem, access_points: List[efs.AccessPoint]) -> None:
        """Store EFS resource identifiers in SSM Parameter Store with cross-account sharing.

        Creates SSM parameters containing EFS file system and access point IDs
        for consumption by other stacks and services. Handles cross-account
        parameter sharing for multi-environment deployments where EFS resources
        in one account need to be accessible from other accounts.

        Args:
            scope: CDK construct scope for parameter creation
            file_system: EFS file system with ID to store
            access_points: List of access points with IDs to store
        """
        is_devops = self._application_helper.get_target_env().upper() == Environment.DEVOPS.name
        param_tier = ssm.ParameterTier.STANDARD if is_devops else ssm.ParameterTier.ADVANCED
        consumer_account_id = self._application_helper.get_all_envs()["devops"]["account_id"]

        # Store EFS file system ID
        efs_fs_id_param, _ = self._application_helper.store_parameter(
            scope,
            f"EFS_FILE_SYSTEM_ID_{self._config.efs_base_name.upper().replace("-", "_")}",
            file_system.file_system_id,
            tier=param_tier
        )

        if not is_devops:
            resource_base_name = f"efs-fid-{self._config.efs_base_name.lower().replace("_", "-")}-{self._application_helper.get_target_env()}"
            resource_name = self._get_name_for_resource(
                resource_base_name,
                max_length=AWSResourceNameLength.CFN_RESOURCE.value
            )
            CrossAccountResourceSharer.share_ssm_parameter(scope, consumer_account_id, efs_fs_id_param.parameter_arn,
                                                           resource_name, resource_base_name)

        # Store access point information if any exist
        if access_points and self._config.access_points:
            for i, access_point in enumerate(access_points):
                # Get the corresponding access point config to retrieve the name
                ap_config = self._config.access_points[i]
                access_point_name = ap_config.name.upper().replace("-", "_")

                efs_ap_id_param, _ = self._application_helper.store_parameter(
                    scope,
                    f"EFS_{self._config.efs_base_name.upper().replace("-", "_")}_ACCESS_POINT_ID_{access_point_name}",
                    access_point.access_point_id,
                    tier=param_tier
                )

                if not is_devops:
                    ap_resource_base_name = f"efs-apid-{self._config.efs_base_name.lower().replace("_", "-")}-{access_point_name.lower().replace("_", "-")}-{self._application_helper.get_target_env()}"
                    ap_resource_name = self._get_name_for_resource(
                        ap_resource_base_name,
                        max_length=AWSResourceNameLength.CFN_RESOURCE.value
                    )
                    CrossAccountResourceSharer.share_ssm_parameter(scope, consumer_account_id, efs_ap_id_param.parameter_arn,
                                                                ap_resource_name, ap_resource_base_name)

    def _set_config(self) -> None:
        """Create and validate the EFS configuration from builder inputs.

        Combines the builder configuration with the EFS base name to create
        a validated EfsConfig instance, ensuring all required fields and
        validation rules are satisfied for successful EFS deployment.

        Raises:
            ValidationError: If the combined configuration fails EfsConfig validation.
                            Error details are logged for debugging and troubleshooting.
        """
        try:
            self._config = EfsConfig(**{
                **self._builder_config,
                "efs_base_name": self._efs_base_name
            })
        except ValidationError as e:
            self._log_validation_error(e, EfsConfig)
            raise

    def _control_consistency(self) -> None:
        """Validate builder configuration and internal state consistency.

        Performs comprehensive pre-build validation to ensure all required
        configurations are present and the builder state is consistent for
        successful EFS infrastructure deployment.

        Raises:
            ValueError: If EFS base name is not set - required for resource naming
            ValidationError: If EfsConfig validation fails during configuration setup
        """
        super()._control_consistency()

        if not self._efs_base_name:
            raise ValueError("efs base name must be set before building")

        self._set_config()

Attributes

_resource_type = AWSResourceType.EFS class-attribute instance-attribute

Functions

_control_consistency()

Validate builder configuration and internal state consistency.

Performs comprehensive pre-build validation to ensure all required configurations are present and the builder state is consistent for successful EFS infrastructure deployment.

Raises:

Type Description
ValueError

If EFS base name is not set - required for resource naming
ValidationError

If EfsConfig validation fails during configuration setup
Source code in mare_aws_common_lib/builders/efs_builder.py 
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
def _control_consistency(self) -> None:
    """Validate builder configuration and internal state consistency.

    Performs comprehensive pre-build validation to ensure all required
    configurations are present and the builder state is consistent for
    successful EFS infrastructure deployment.

    Raises:
        ValueError: If EFS base name is not set - required for resource naming
        ValidationError: If EfsConfig validation fails during configuration setup
    """
    super()._control_consistency()

    if not self._efs_base_name:
        raise ValueError("efs base name must be set before building")

    self._set_config()

_create_access_points(scope, file_system)

Create EFS access points with POSIX user and permission enforcement.

Creates configured access points that provide application-specific entry points into the EFS file system with predefined user/group identities, directory paths, and file system permissions for enhanced security.

Parameters:

Name Type Description Default
scope Construct

CDK construct scope for access point creation

 required
file_system FileSystem

EFS file system to attach access points to

 required

Returns:

Type Description
List[AccessPoint]

List of configured EFS access points for fine-grained access control
Source code in mare_aws_common_lib/builders/efs_builder.py 
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
def _create_access_points(self, scope: Construct, file_system: efs.FileSystem) -> List[efs.AccessPoint]:
    """Create EFS access points with POSIX user and permission enforcement.

    Creates configured access points that provide application-specific entry
    points into the EFS file system with predefined user/group identities,
    directory paths, and file system permissions for enhanced security.

    Args:
        scope: CDK construct scope for access point creation
        file_system: EFS file system to attach access points to

    Returns:
        List of configured EFS access points for fine-grained access control
    """
    access_points = []

    if not self._config.access_points:
        return access_points

    for ap_config in self._config.access_points:
        acl = None
        if ap_config.create_creation_info:
            # Access Control List
            acl = efs.Acl(
                owner_uid=str(ap_config.owner_uid),
                owner_gid=str(ap_config.owner_gid),
                permissions=ap_config.permissions
            )

        posix_user = None
        if ap_config.create_posix_user:
            posix_user = efs.PosixUser(
                uid=str(ap_config.posix_uid),
                gid=str(ap_config.posix_gid)
            )

        access_point = efs.AccessPoint(
            scope,
            self._get_cfn_logical_id(f"access-point-{ap_config.name}"),
            file_system=file_system,
            path=ap_config.path,
            create_acl=acl,
            posix_user=posix_user
        )
        access_points.append(access_point)

    return access_points

_create_efs_file_system(scope, vpc)

Create the EFS file system with full configuration.

Creates the core EFS file system resource with performance optimization, security configuration, encryption settings, and network placement. Handles both encrypted and unencrypted scenarios with appropriate KMS key integration.

Parameters:

Name Type Description Default
scope Construct

CDK construct scope for resource creation

 required
vpc Vpc

VPC instance for file system network placement

 required

Returns:

Type Description
FileSystem

Configured EFS FileSystem instance
Source code in mare_aws_common_lib/builders/efs_builder.py 
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
def _create_efs_file_system(self, scope: Construct, vpc: ec2.Vpc) -> efs.FileSystem:
    """Create the EFS file system with full configuration.

    Creates the core EFS file system resource with performance optimization,
    security configuration, encryption settings, and network placement. Handles
    both encrypted and unencrypted scenarios with appropriate KMS key integration.

    Args:
        scope: CDK construct scope for resource creation
        vpc: VPC instance for file system network placement

    Returns:
        Configured EFS FileSystem instance
    """
    efs_name = self._get_name_for_resource(
        f"{self._application_helper.get_target_env()}-{self._config.efs_base_name}",
        max_length=AWSResourceNameLength.EFS.value
    )

    kms_key: kms.Key = None
    if self._config.encrypted:
        kms_key = self._get_snc_key_by_alias(scope, self._config.use_foundation_key, self._config.efs_base_name)

    file_system = efs.FileSystem(
        scope,
        self._get_cfn_logical_id("efs-filesystem"),
        vpc=vpc,
        file_system_name=efs_name,
        performance_mode=self._config.get_performance_mode(),
        throughput_mode=self._config.get_throughput_mode(),
        security_group=self._efs_security_group,
        vpc_subnets=ec2.SubnetSelection(
            subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
        ),
        removal_policy=self._config.get_removal_policy(),
        encrypted=self._config.encrypted,
        kms_key=kms_key,
        file_system_policy=self._create_efs_policy()
    )

    return file_system

_create_efs_policy()

Create EFS file system resource policy for service integration.

Generates an IAM policy document that allows necessary EFS operations for AWS service integration, particularly DataSync for backup and migration operations. The policy ensures secure access through mount targets while maintaining proper access controls.

Returns:

Type Description
PolicyDocument

IAM PolicyDocument with EFS access permissions for service integration
Source code in mare_aws_common_lib/builders/efs_builder.py 
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
def _create_efs_policy(self) -> iam.PolicyDocument:
    """Create EFS file system resource policy for service integration.

    Generates an IAM policy document that allows necessary EFS operations
    for AWS service integration, particularly DataSync for backup and
    migration operations. The policy ensures secure access through
    mount targets while maintaining proper access controls.

    Returns:
        IAM PolicyDocument with EFS access permissions for service integration
    """
    return iam.PolicyDocument(
        statements=[
            iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                principals=[iam.AnyPrincipal()],
                actions=[
                    "elasticfilesystem:ClientMount", # Required for DataSync
                    "elasticfilesystem:ClientRootAccess",
                    "elasticfilesystem:ClientWrite"
                ],
                resources=["*"],
                conditions={
                    "Bool": {
                        "elasticfilesystem:AccessedViaMountTarget": "true"
                    }
                }
            )
        ]
    )

_get_efs_security_group(scope, vpc)

Retrieve security group for EFS network access control.

Fetches the pre-configured security group that controls network access to the EFS file system, ensuring proper isolation and access patterns for EFS mount operations from authorized sources.

Parameters:

Name Type Description Default
scope Construct

CDK construct scope for resource lookup

 required
vpc IVpc

VPC instance containing the security group

 required

Returns:

Type Description
SecurityGroup

Security group configured for EFS access patterns
Note

The security group name follows organizational conventions: "own-efs-sg" and must exist in the target VPC before EFS deployment.

Source code in mare_aws_common_lib/builders/efs_builder.py 
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
def _get_efs_security_group(self, scope: Construct, vpc: ec2.IVpc) -> ec2.SecurityGroup:
    """Retrieve security group for EFS network access control.

    Fetches the pre-configured security group that controls network access
    to the EFS file system, ensuring proper isolation and access patterns
    for EFS mount operations from authorized sources.

    Args:
        scope: CDK construct scope for resource lookup
        vpc: VPC instance containing the security group

    Returns:
        Security group configured for EFS access patterns

    Note:
        The security group name follows organizational conventions:
        "own-efs-sg" and must exist in the target VPC before EFS deployment.
    """
    full_name, _ = ResourceNaming.get_name_for_resource(
        self._application_helper, 
        AWSResourceType.SG, 
        resource_name="own-efs-sg",
        max_length=AWSResourceNameLength.SEC_GROUP.value
    )
    return self._get_security_group_by_name(scope, vpc, full_name)

_get_security_group_by_name(scope, vpc, sg_name)

Lookup and return an immutable security group reference by name.

Retrieves a security group by name and returns an immutable reference to prevent accidental modification of existing security group rules during infrastructure deployment.

Parameters:

Name Type Description Default
scope Construct

CDK construct scope for resource lookup

 required
vpc IVpc

VPC instance containing the security group

 required
sg_name str

Name of the security group to lookup

 required

Returns:

Type Description
SecurityGroup

Immutable security group reference for safe usage in EFS configuration
Source code in mare_aws_common_lib/builders/efs_builder.py 
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
def _get_security_group_by_name(self, scope: Construct, vpc: ec2.IVpc, sg_name: str) -> ec2.SecurityGroup:
    """Lookup and return an immutable security group reference by name.

    Retrieves a security group by name and returns an immutable reference
    to prevent accidental modification of existing security group rules
    during infrastructure deployment.

    Args:
        scope: CDK construct scope for resource lookup
        vpc: VPC instance containing the security group
        sg_name: Name of the security group to lookup

    Returns:
        Immutable security group reference for safe usage in EFS configuration
    """
    mutable_security_group: ec2.SecurityGroup = ec2.SecurityGroup.from_lookup_by_name(scope, f"m-{sg_name}",
                                                                                      sg_name, vpc)
    immutable_security_group: ec2.SecurityGroup = ec2.SecurityGroup.from_security_group_id(scope, sg_name,
                                                                                           mutable_security_group.security_group_id,
                                                                                           mutable=False)
    return immutable_security_group

_set_config()

Create and validate the EFS configuration from builder inputs.

Combines the builder configuration with the EFS base name to create a validated EfsConfig instance, ensuring all required fields and validation rules are satisfied for successful EFS deployment.

Raises:

Type Description
ValidationError

If the combined configuration fails EfsConfig validation. Error details are logged for debugging and troubleshooting.
Source code in mare_aws_common_lib/builders/efs_builder.py 
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
def _set_config(self) -> None:
    """Create and validate the EFS configuration from builder inputs.

    Combines the builder configuration with the EFS base name to create
    a validated EfsConfig instance, ensuring all required fields and
    validation rules are satisfied for successful EFS deployment.

    Raises:
        ValidationError: If the combined configuration fails EfsConfig validation.
                        Error details are logged for debugging and troubleshooting.
    """
    try:
        self._config = EfsConfig(**{
            **self._builder_config,
            "efs_base_name": self._efs_base_name
        })
    except ValidationError as e:
        self._log_validation_error(e, EfsConfig)
        raise

_store_efs_parameters(scope, file_system, access_points)

Store EFS resource identifiers in SSM Parameter Store with cross-account sharing.

Creates SSM parameters containing EFS file system and access point IDs for consumption by other stacks and services. Handles cross-account parameter sharing for multi-environment deployments where EFS resources in one account need to be accessible from other accounts.

Parameters:

Name Type Description Default
scope Construct

CDK construct scope for parameter creation

 required
file_system FileSystem

EFS file system with ID to store

 required
access_points List[AccessPoint]

List of access points with IDs to store

 required
Source code in mare_aws_common_lib/builders/efs_builder.py 
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
def _store_efs_parameters(self, scope: Construct, file_system: efs.FileSystem, access_points: List[efs.AccessPoint]) -> None:
    """Store EFS resource identifiers in SSM Parameter Store with cross-account sharing.

    Creates SSM parameters containing EFS file system and access point IDs
    for consumption by other stacks and services. Handles cross-account
    parameter sharing for multi-environment deployments where EFS resources
    in one account need to be accessible from other accounts.

    Args:
        scope: CDK construct scope for parameter creation
        file_system: EFS file system with ID to store
        access_points: List of access points with IDs to store
    """
    is_devops = self._application_helper.get_target_env().upper() == Environment.DEVOPS.name
    param_tier = ssm.ParameterTier.STANDARD if is_devops else ssm.ParameterTier.ADVANCED
    consumer_account_id = self._application_helper.get_all_envs()["devops"]["account_id"]

    # Store EFS file system ID
    efs_fs_id_param, _ = self._application_helper.store_parameter(
        scope,
        f"EFS_FILE_SYSTEM_ID_{self._config.efs_base_name.upper().replace("-", "_")}",
        file_system.file_system_id,
        tier=param_tier
    )

    if not is_devops:
        resource_base_name = f"efs-fid-{self._config.efs_base_name.lower().replace("_", "-")}-{self._application_helper.get_target_env()}"
        resource_name = self._get_name_for_resource(
            resource_base_name,
            max_length=AWSResourceNameLength.CFN_RESOURCE.value
        )
        CrossAccountResourceSharer.share_ssm_parameter(scope, consumer_account_id, efs_fs_id_param.parameter_arn,
                                                       resource_name, resource_base_name)

    # Store access point information if any exist
    if access_points and self._config.access_points:
        for i, access_point in enumerate(access_points):
            # Get the corresponding access point config to retrieve the name
            ap_config = self._config.access_points[i]
            access_point_name = ap_config.name.upper().replace("-", "_")

            efs_ap_id_param, _ = self._application_helper.store_parameter(
                scope,
                f"EFS_{self._config.efs_base_name.upper().replace("-", "_")}_ACCESS_POINT_ID_{access_point_name}",
                access_point.access_point_id,
                tier=param_tier
            )

            if not is_devops:
                ap_resource_base_name = f"efs-apid-{self._config.efs_base_name.lower().replace("_", "-")}-{access_point_name.lower().replace("_", "-")}-{self._application_helper.get_target_env()}"
                ap_resource_name = self._get_name_for_resource(
                    ap_resource_base_name,
                    max_length=AWSResourceNameLength.CFN_RESOURCE.value
                )
                CrossAccountResourceSharer.share_ssm_parameter(scope, consumer_account_id, efs_ap_id_param.parameter_arn,
                                                            ap_resource_name, ap_resource_base_name)

build(scope)

Source code in mare_aws_common_lib/builders/efs_builder.py 
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
def build(self, scope: Construct) -> efs.FileSystem:
    super().build()

    vpc_logical_id = f"vpc-ecs-{self._config.efs_base_name.lower().replace("-", "_")}"
    vpc: ec2.Vpc = self._application_helper.get_vpc(vpc_logical_id, scope)

    self._efs_security_group = self._get_efs_security_group(scope, vpc)

    # Create L2 EFS file system
    self._file_system: efs.FileSystem = self._create_efs_file_system(scope, vpc)

    # Create access points if configured
    self._access_points = self._create_access_points(scope, self._file_system)

    # Store EFS information in SSM for other stacks
    self._store_efs_parameters(scope, self._file_system, self._access_points)

    return self._file_system

reset()

Reset builder state and clear configuration data.

Initializes the builder for a new build cycle by clearing all configuration data and resetting internal state to default values.

Source code in mare_aws_common_lib/builders/efs_builder.py 
38
39
40
41
42
43
44
45
46
47
48
def reset(self) -> None:
    """Reset builder state and clear configuration data.

    Initializes the builder for a new build cycle by clearing all
    configuration data and resetting internal state to default values.
    """
    super().reset()
    self._efs_base_name: str = None
    self._efs_security_group: ec2.SecurityGroup = None
    self._file_system: efs.FileSystem = None
    self._access_points: List[efs.AccessPoint]

set_efs_base_name(name)

Set the base name for the EFS file system.

Configures the fundamental identifier used for naming the EFS file system and related resources including access points and SSM parameters.

Parameters:

Name Type Description Default
name str

Base name for the EFS file system (will be combined with environment context)

 required

Returns:

Type Description
EfsBuilder

Self for method chaining
Source code in mare_aws_common_lib/builders/efs_builder.py 
50
51
52
53
54
55
56
57
58
59
60
61
62
63
def set_efs_base_name(self, name: str) -> 'EfsBuilder':
    """Set the base name for the EFS file system.

    Configures the fundamental identifier used for naming the EFS file system
    and related resources including access points and SSM parameters.

    Args:
        name: Base name for the EFS file system (will be combined with environment context)

    Returns:
        Self for method chaining
    """
    self._efs_base_name = name
    return self