I am following this tutorial to mount efs on AWS EC2 instance but when Iam executing the mount command
sudo mount -t nfs4 -o vers=4.1 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).[EFS-ID].efs.[region].amazonaws.com:/ efs
I am getting connection time out every time.
mount.nfs4: Connection timed out
What may be the problem here?
Thanks in advance!
Mounting EFS file systems from another AWS account or VPC. You can mount your Amazon EFS file system using IAM authorization for NFS clients and EFS Access Points using the EFS mount helper. By default, the EFS mount helper uses domain name service (DNS) to resolve the IP address of your EFS mount target.
Using the EFS mount helper, you have the following options for mounting your Amazon EFS file system: Mounting on supported EC2 instances. Mounting with IAM authorization. Mounting with Amazon EFS access points.
I found the accepted answer here to be incorrect & insecure, and Bao's answer above is very close - except you don't need NFS Inbound on your EC2 (mount target) security group. You just need a security group assigned to your EC2 (even with no rules) so that your EFS Security group can be limited to that security group... you know, for security! Here's what I found works:
EFS Target
, and leave all the rules blankEFS Mount
, and in this one add the inbound
rule for NFS. Set the SOURCE for this rule to the EFS Target
security group you created above. This limits EFS to only being able to connect to EC2 instances that have the EFS Mount
security group assigned (See below). If you're not worried about that, you can select "Any" from the Source dropdown and it'll work just the same, without the added level of securityEFS Target
group to your EC2 instance, assuming you're adding the extra securityEFS Mount
security group and remove the VPC Default group (if you haven't already)I don't like how they mixed vernacular here in terms of EC2 being a mount-target, but also EFS has individual mount-targets for each availability zone. Makes their documentation very confusing, but following the steps above allowed me to mount an EFS securely on an Ubuntu server.
Add type with NFS and port 2049 to the Inbound of your security group that your EC2 instances and EFS running on. It works for me.
Bao
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With