AWSTemplateFormatVersion: '2010-09-09' Description: Create VPC, subnets and EFS. Resources: MountTargetVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 172.31.0.0/16 EnableDnsHostnames: True EnableDnsSupport: True MountTargetSubnetOne: Type: AWS::EC2::Subnet Properties: CidrBlock: 172.31.1.0/24 VpcId: !Ref MountTargetVPC AvailabilityZone: "us-east-1a" MountTargetSubnetTwo: Type: AWS::EC2::Subnet Properties: CidrBlock: 172.31.2.0/24 VpcId: !Ref MountTargetVPC AvailabilityZone: "us-east-1b" MountTargetSubnetThree: Type: AWS::EC2::Subnet Properties: CidrBlock: 172.31.3.0/24 VpcId: !Ref MountTargetVPC AvailabilityZone: "us-east-1c" FileSystemResource: Type: 'AWS::EFS::FileSystem' Properties: PerformanceMode: maxIO Encrypted: true FileSystemTags: - Key: Name Value: TestFileSystem FileSystemPolicy: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "elasticfilesystem:ClientMount" Principal: AWS: "*" MountTargetResource1: Type: AWS::EFS::MountTarget Properties: FileSystemId: !Ref FileSystemResource SubnetId: !Ref MountTargetSubnetOne SecurityGroups: - !GetAtt MountTargetVPC.DefaultSecurityGroup MountTargetResource2: Type: AWS::EFS::MountTarget Properties: FileSystemId: !Ref FileSystemResource SubnetId: !Ref MountTargetSubnetTwo SecurityGroups: - !GetAtt MountTargetVPC.DefaultSecurityGroup MountTargetResource3: Type: AWS::EFS::MountTarget Properties: FileSystemId: !Ref FileSystemResource SubnetId: !Ref MountTargetSubnetThree SecurityGroups: - !GetAtt MountTargetVPC.DefaultSecurityGroup AccessPointResource: Type: 'AWS::EFS::AccessPoint' Properties: FileSystemId: !Ref FileSystemResource PosixUser: Uid: "1000" Gid: "1000" RootDirectory: CreationInfo: OwnerGid: "1000" OwnerUid: "1000" Permissions: "0777" Path: "/myefs"