add efs example and module

examples/efs/main.tf

@@ -0,0 +1,40 @@
+resource "random_id" "example" {
+  byte_length = 4
+
+  prefix = "efs-"
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "4.0.2"
+
+  name = random_id.example.hex
+  cidr = "10.0.0.0/16"
+
+  azs             = ["eu-central-1a", "eu-central-1b"]
+  private_subnets = ["10.0.1.0/24"]
+  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]
+
+  single_nat_gateway = true
+  enable_nat_gateway = false
+  enable_vpn_gateway = false
+}
+
+
+module "efs" {
+  source = "../../modules/efs"
+
+  context = {
+    namespace = "selleo"
+    stage     = "test"
+    name      = "logs"
+  }
+
+  name = random_id.example.hex
+  vpc = {
+    id          = module.vpc.vpc_id
+    subnets     = module.vpc.public_subnets
+    cidr_blocks = [module.vpc.vpc_cidr_block]
+  }
+  backup = true
+}

examples/efs/versions.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = "~> 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+}
+

modules/efs/main.tf

@@ -0,0 +1,60 @@
+locals {
+  tags = {
+    "context.namespace"   = var.context.namespace
+    "context.stage"       = var.context.stage
+    "context.name"        = var.context.name
+  }
+}
+
+resource "random_id" "this" {
+  byte_length = 4
+
+  prefix = "${var.context.namespace}-${var.context.stage}-${var.context.name}-"
+}
+
+resource "aws_efs_file_system" "this" {
+  creation_token   = var.name
+  throughput_mode  = "bursting"
+  performance_mode = "generalPurpose"
+  encrypted        = true
+
+  tags = merge(local.tags, { "Name" = var.name, "resource.group" = "storage" })
+}
+
+resource "aws_efs_mount_target" "targets" {
+  count = length(var.vpc.subnets)
+
+  file_system_id  = aws_efs_file_system.this.id
+  subnet_id       = var.vpc.subnets[count.index]
+  security_groups = [aws_security_group.efs.id]
+}
+
+# SG attached to EFS
+resource "aws_security_group" "efs" {
+  description = "Allows to connect to EFS ${random_id.this.hex}"
+  name        = "${random_id.this.hex}-efs"
+  vpc_id      = var.vpc.id
+
+  tags = merge(local.tags, { "resource.group" = "network" })
+}
+
+# Allow to connect from VPC
+resource "aws_security_group_rule" "efs_allow_ec2" {
+  description       = "Allow VPC to access storage from EC2"
+  security_group_id = aws_security_group.efs.id
+  type              = "ingress"
+  from_port         = 2049
+  protocol          = "tcp"
+  to_port           = 2049
+  cidr_blocks       = var.vpc.cidr_blocks
+}
+
+resource "aws_efs_backup_policy" "this" {
+  count = var.backup ? 1 : 0
+
+  file_system_id = aws_efs_file_system.this.id
+
+  backup_policy {
+    status = "ENABLED"
+  }
+}

modules/efs/outputs.tf

@@ -0,0 +1,9 @@
+output "id" {
+  description = "EFS ID"
+  value       = aws_efs_file_system.this.id
+}
+
+output "arn" {
+  description = "EFS ARN"
+  value       = aws_efs_file_system.this.arn
+}

modules/efs/variables.tf

@@ -0,0 +1,31 @@
+variable "context" {
+  description = "Project context."
+
+  type = object({
+    namespace = string
+    stage     = string
+    name      = string
+  })
+}
+
+variable "name" {
+  description = "Volume name (creation_token)"
+  type        = string
+}
+
+variable "vpc" {
+  description = "VPC that storage is located"
+  type = object({
+    id          = string
+    subnets     = list(string)
+    cidr_blocks = list(string)
+  })
+}
+
+# optional
+
+variable "backup" {
+  type        = bool
+  description = "Toggle backup on/off"
+  default     = false
+}

modules/efs/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
+    }
+  }
+}