AWS Lambda EFS | EACCES: permission denied

Question

So, I am trying to integrate my lambda function with EFS. I am able to access the root directory (as read-only from lambda) as I can see xyz directory available in my root dir. /mnt/ -> xyz

When I try to access /mnt/xyz or /mnt/xyz/ then I get this error:

{
  "errorType": "Error",
  "errorMessage": "EACCES: permission denied, scandir '/mnt/xyz/'",
  "trace": [
    "Error: EACCES: permission denied, scandir '/mnt/xyz/'",
    "    at Object.readdirSync (fs.js:948:3)",
    "    at Runtime.exports.handler (/var/task/index.js:19:24)",
    "    at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"
  ]
}

Permission given to the access point: 777

Answer 1

The issue that I was facing was related to the user/group id (ownership). The file was produced by an application running on AWS EC2 instance and consumed by AWS Lambda function.

To find the owner/group of files use cmd ls -al

To find the owner/group IDs use cmd ls -n

As the file produced by the root (UID: 0) I need to set the owner id and group id as 0 at EFS access point

This configuration resolved my issue.

Answer 2

I tried to replicate the issue, and can verify that I had the same problem. The help came from the following GitHub issue: EFS permission denied.

The permission denied was caused by incorrectly set root and local mount point in the access point and lambda respectively. The correct setting that worked were:

Access point (note /lambda)

Lambda (note /mnt/lambda)

These settings enable successful access to the EFS.