go-ethereum/cicd/terraform/module/region/efs.tf

# EFS
resource "aws_security_group" "efs_security_group" {
  name = "Tf${var.network}EfsSecurityGroup"
  description = "Allow HTTP in and out of ${var.network} EFS"
  vpc_id = aws_vpc.vpc.id

  ingress {
    from_port   = 2049
    to_port     = 2049
    protocol    = "TCP"
    security_groups = [aws_default_security_group.xdcnode_security_group.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "Tf${var.network}Efs"
  }
}

resource "aws_efs_file_system" "efs" {
  for_each = var.nodeKeys
  creation_token = "efs-${each.key}"
  performance_mode = "generalPurpose"
  throughput_mode = "bursting"
  encrypted = "true"
  lifecycle_policy {
    transition_to_ia = "AFTER_30_DAYS"
  }
  tags = {
    Name = "Tf${var.network}Efs${each.key}"
  }
 }

resource "aws_efs_mount_target" "efs_efs_mount_target" {
  for_each = var.nodeKeys
  file_system_id = aws_efs_file_system.efs[each.key].id
  subnet_id      = aws_subnet.subnet.id
  security_groups = [aws_security_group.efs_security_group.id]
}

resource "aws_efs_access_point" "efs_access_point" {
  for_each = var.nodeKeys
  file_system_id = aws_efs_file_system.efs[each.key].id
  root_directory {
    path = "/${each.key}/database"
    creation_info {
      owner_gid = 1001
      owner_uid = 1001
      permissions = 777
    }
  }
  posix_user {
    gid = 1001
    uid = 1001
    secondary_gids = [0]
  }
  
  tags = {
       Name = "Tf${var.network}EfsAccessPoint${each.key}"
   }
}