Amazon Elastic File System Now Supports Service-Linked Roles

The EFS service-linked role is predefined by Amazon EFS and includes permissions that the service requires to use other AWS services on your behalf. Examples include creating and deleting the Amazon Elastic Compute Cloud (Amazon EC2) Elastic Network Interfaces (ENIs) that Amazon EFS uses for the mount targets you use to access your EFS file systems.

Unlike a normal IAM role, you cannot delete the service-linked role if it is still in use by an Amazon EFS file system. This protects you from inadvertently revoking Amazon EFS’s required permissions to your resources. The addition of a service-linked role to Amazon EFS also helps with monitoring and auditing requirements in AWS CloudTrail by logging actions performed by Amazon EFS against its service-linked role.

The Amazon EFS service-linked role is available in all AWS regions where Amazon EFS is available, at no additional charge. To learn more about Amazon EFS and its service linked role, please visit the Amazon EFS user guide.