The home for Hyperlane core contracts, sdk packages, and other infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hyperlane-monorepo/rust/terraform/modules/efs/main.tf

43 lines
2.1 KiB

# This resource defines an EFS file system that acts as persistent storage for the validator.
# The `creation_token` is used to ensure idempotent creation of the file system.
resource "aws_efs_file_system" "validator_fs" {
creation_token = var.creation_token # Unique token to guarantee the idempotence of the resource
# Tags are key-value pairs that help with the organization and identification of AWS resources.
tags = {
Name = var.creation_token # Name tag using the creation token for easy identification
}
}
# The EFS access point serves as a custom entry point into the file system.
# It enforces the specified POSIX user and group, and the root directory settings.
resource "aws_efs_access_point" "validator_ap" {
file_system_id = aws_efs_file_system.validator_fs.id # Associates the access point with the file system
# The POSIX user configuration sets the owner's user and group IDs for all file system requests.
posix_user {
gid = var.posix_user_gid # POSIX group ID
uid = var.posix_user_uid # POSIX user ID
}
# The root directory configuration specifies the path and creation settings within the EFS.
root_directory {
path = var.root_directory_path # The path where the root directory is mounted
# The creation info sets the ownership and permissions for the root directory upon creation.
creation_info {
owner_gid = var.posix_user_gid # Group ID of the directory owner
owner_uid = var.posix_user_uid # User ID of the directory owner
permissions = var.root_directory_permissions # Permissions for the root directory
}
}
}
# This resource creates a mount target within a specific subnet, allowing EC2 instances to access the EFS file system.
# The mount target is secured by associating it with one or more security groups.
resource "aws_efs_mount_target" "validator_mt" {
file_system_id = aws_efs_file_system.validator_fs.id # Associates the mount target with the file system
subnet_id = var.subnet_id # The subnet ID where the mount target is placed
security_groups = var.security_group_ids # Security groups that define the access rules for the mount target
}