Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

aws efs connection timeout at mount

Tags:

amazon-web-services

amazon-ec2

I am following this tutorial to mount efs on AWS EC2 instance but when Iam executing the mount command 

sudo mount -t nfs4 -o vers=4.1 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).[EFS-ID].efs.[region].amazonaws.com:/ efs

I am getting connection time out every time.

mount.nfs4: Connection timed out

What may be the problem here?

Thanks in advance!

like image 538
pmann Avatar asked Jul 28 '16 09:07

pmann

People also ask

How do I permanently mount my EFS?

Mounting EFS file systems from another AWS account or VPC. You can mount your Amazon EFS file system using IAM authorization for NFS clients and EFS Access Points using the EFS mount helper. By default, the EFS mount helper uses domain name service (DNS) to resolve the IP address of your EFS mount target.

Can EFS be mounted?

Using the EFS mount helper, you have the following options for mounting your Amazon EFS file system: Mounting on supported EC2 instances. Mounting with IAM authorization. Mounting with Amazon EFS access points.

2 Answers

I found the accepted answer here to be incorrect & insecure, and Bao's answer above is very close - except you don't need NFS Inbound on your EC2 (mount target) security group. You just need a security group assigned to your EC2 (even with no rules) so that your EFS Security group can be limited to that security group... you know, for security! Here's what I found works:

  • Create a new security group for your EC2 instance. Name it EFS Target, and leave all the rules blank
  • Create a new security group for your EFS Mount. Name it EFS Mount, and in this one add the inbound rule for NFS. Set the SOURCE for this rule to the EFS Target security group you created above. This limits EFS to only being able to connect to EC2 instances that have the EFS Mount security group assigned (See below). If you're not worried about that, you can select "Any" from the Source dropdown and it'll work just the same, without the added level of security
  • Go to the EC2 console, and add the EFS Target group to your EC2 instance, assuming you're adding the extra security
  • Go to the EFS Console, select your EFS and choose Manage File System Access
    • For each EFS Mount Target (availability zone), you need to add the EFS Mount security group and remove the VPC Default group (if you haven't already)
  • The mount command in the AWS documentation should work now

I don't like how they mixed vernacular here in terms of EC2 being a mount-target, but also EFS has individual mount-targets for each availability zone. Makes their documentation very confusing, but following the steps above allowed me to mount an EFS securely on an Ubuntu server.

like image 90
Scott Byers Avatar answered Sep 20 '22 21:09

Scott Byers

Add type with NFS and port 2049 to the Inbound of your security group that your EC2 instances and EFS running on. It works for me.

Bao

like image 41
Bao Nguyen Avatar answered Sep 18 '22 21:09

Bao Nguyen
Sign in to Comment

Related questions

Recursive list s3 bucket contents with AWS CLI
DynamoDB query on boolean key
How to create variable number of EC2 instance resources in Cloudformation template?
ImportError: cannot import name md5
How to prevent a DynamoDB item being overwritten if an entry already exists
Upload entire directory tree to S3 using AWS sdk in node js
What is the difference between partition key and sort key in amazon dynamodb?
AWS Elastic Beanstalk logging with python (django)
Setting up private Github access with AWS Elastic Beanstalk and Ruby container
Access Denied while sending email from AWS SES in Lambda function
How to reduce storage(scale down) my RDS instance?
Why is my access denied on s3 (using the aws-sdk for Node.js)?
S3 Bucket Lambda Event: Unable to validate the following destination configurations
AWS Lambda Task timed out after 6.00 seconds
Amazon SES Email address is not verified
Enable CORS for API Gateway in Cloudformation template
How to create an ec2 instance using boto3
How to disable Amazon EC2 charging?
Validating Domain For AWS ACM in GoDaddy
Amazon Web Services (AWS) S3 Java create a sub directory (object)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!