fix: (IAC-1162) AWS warns of misconfigured EFS mounts (#505)

roles/baseline/defaults/main.yml

@@ -111,6 +111,17 @@ NFS_CLIENT_CONFIG:
   storageClass:
     archiveOnDelete: "false"
     name: sas
+# EFS best practice NFS mount options for the aws provider
+NFS_EFS_CLIENT_CONFIG:
+  nfs:
+    mountOptions:
+      - noresvport
+      - rsize=1048576
+      - wsize=1048576
+      - soft
+      - timeo=600
+      - retrans=2
+      - _netdev
 
 ## pg-storage storage class config
 PG_NFS_CLIENT_NAME: nfs-subdir-external-provisioner-pg-storage

roles/baseline/tasks/nfs-subdir-external-provisioner.yaml

@@ -36,6 +36,18 @@
     - uninstall
     - update
 
+- name: Update NFS_CLIENT_CONFIG configurations for EFS
+  set_fact:
+    NFS_CLIENT_CONFIG: "{{ NFS_CLIENT_CONFIG | combine(NFS_EFS_CLIENT_CONFIG, recursive=True) }}"
+    PG_NFS_CLIENT_CONFIG: "{{ PG_NFS_CLIENT_CONFIG | combine(NFS_EFS_CLIENT_CONFIG, recursive=True) }}"
+  when:
+    - PROVIDER == "aws"
+    - STORAGE_TYPE_BACKEND is defined
+    - STORAGE_TYPE_BACKEND == "efs"
+  tags:
+    - install
+    - update
+
 - name: Deploy nfs-subdir-external-provisioner-sas
   kubernetes.core.helm:
     name: "{{ NFS_CLIENT_NAME }}"

roles/common/tasks/main.yaml

@@ -192,6 +192,12 @@
       when:
         - tfstate.ssh_private_key is defined
         - tfstate.ssh_private_key.value|length > 0
+    - name: tfstate - storage type backend var # noqa: name[casing]
+      set_fact:
+        STORAGE_TYPE_BACKEND: "{{ tfstate.storage_type_backend.value }}"
+      when:
+        - tfstate.storage_type_backend is defined
+        - tfstate.storage_type_backend.value|length > 0
     ### Deprecations
     - name: tfstate - postgres admin # noqa: name[casing]
       set_fact: