efs-utils.conf 1.85 KB
Newer Older
Max Beckett's avatar
Max Beckett committed
1
2
3
4
5
6
7
8
9
10
11
12
#
# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved.
#
# Licensed under the MIT License. See the LICENSE accompanying this file
# for the specific language governing permissions and limitations under
# the License.
#

[DEFAULT]
logging_level = INFO
logging_max_bytes = 1048576
logging_file_count = 10
13
# mode for /var/run/efs and subdirectories in octal
14
state_file_dir_mode = 750
Max Beckett's avatar
Max Beckett committed
15
16

[mount]
17
dns_name_format = {fs_id}.efs.{region}.{dns_name_suffix}
18
dns_name_suffix = amazonaws.com
19
20
#The region of the file system when mounting from on-premises or cross region.
#region = us-east-1
Max Beckett's avatar
Max Beckett committed
21
stunnel_debug_enabled = false
22
23
#Uncomment the below option to save all stunnel logs for a file system to the same file
#stunnel_logs_file = /var/log/amazon/efs/{fs_id}.stunnel.log
24
stunnel_cafile = /etc/amazon/efs/efs-utils.crt
Max Beckett's avatar
Max Beckett committed
25

26
# Validate the certificate hostname on mount. This option is not supported by certain stunnel versions.
Ian Patel's avatar
Ian Patel committed
27
stunnel_check_cert_hostname = true
Max Beckett's avatar
Max Beckett committed
28

Ian Patel's avatar
Ian Patel committed
29
# Use OCSP to check certificate validity. This option is not supported by certain stunnel versions.
30
stunnel_check_cert_validity = false
Max Beckett's avatar
Max Beckett committed
31
32
33
34
35

# Define the port range that the TLS tunnel will choose from
port_range_lower_bound = 20049
port_range_upper_bound = 20449

36
37
38
39
40
41
42
43
44
45
46
47
[mount.cn-north-1]
dns_name_suffix = amazonaws.com.cn

[mount.cn-northwest-1]
dns_name_suffix = amazonaws.com.cn

[mount.us-iso-east-1]
dns_name_suffix = c2s.ic.gov

[mount.us-isob-east-1]
dns_name_suffix = sc2s.sgov.gov

Max Beckett's avatar
Max Beckett committed
48
49
50
51
[mount-watchdog]
enabled = true
poll_interval_sec = 1
unmount_grace_period_sec = 30
52
53

# Set client auth/access point certificate renewal rate. Minimum value is 1 minute.
54
55
56
57
58
59
60
61
62
tls_cert_renewal_interval_min = 60

[cloudwatch-log]
# enabled = true
log_group_name = /aws/efs/utils

# Possible values are : 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653
# Comment this config to prevent log deletion
retention_in_days = 14