(aws-efs): Add fileSystemArn property and grant method for FileSystem construct

[DaWyz]

When creating or importing a File System in a CDK App, the construct is missing the fileSystemArn property.

Use Case

When trying to grant permissions to a FileSystem, we have to build the fileSystem the policy and the arn manually.

const customStack = new Stack(app);

const customVpc = new ec2.Vpc(customStack, 'VPC');
const fs = new FileSystem(customVpc, 'EfsFileSystem', {
  vpc: customVpc,
});

new iam.PolicyStatement({
  actions: ['elasticfilesystem:ClientWrite'],
  resources: [Stack.of(scope).formatArn({
    service: 'elasticfilesystem',
    resource: 'file-system',
    resourceName: fs.fileSystemId,
  })],
});

That would become

const customStack = new Stack(app);

const customVpc = new ec2.Vpc(customStack, 'VPC');
const fs = new FileSystem(customVpc, 'EfsFileSystem', {
  vpc: customVpc,
});

fs.grant(grantee, 'elasticfilesystem:ClientWrite');

Proposed Solution

Add a fileSystemArn attribute to the construct.
Allow import using arn.
Add a grant method.

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.