
AWS Lambda EFS | EACCES: permission denied

So, I am trying to integrate my lambda function with EFS. I am able to access the root directory (as read-only from lambda) as I can see xyz directory available in my root dir. /mnt/ -> xyz

When I try to access /mnt/xyz or /mnt/xyz/ then I get this error:

{
  "errorType": "Error",
  "errorMessage": "EACCES: permission denied, scandir '/mnt/xyz/'",
  "trace": [
    "Error: EACCES: permission denied, scandir '/mnt/xyz/'",
    "    at Object.readdirSync (fs.js:948:3)",
    "    at Runtime.exports.handler (/var/task/index.js:19:24)",
    "    at Runtime.handleOnce (/var/runtime/Runtime.js:66:25)"
  ]
}

Permission given to the access point: 777

Nishant Thapliyal asked Aug 18 '20 06:08



2 Answers

The issue that I was facing was related to the user/group ID (ownership). The file was produced by an application running on an AWS EC2 instance and consumed by an AWS Lambda function.

To find the owner/group of files, use the command ls -al

To find the owner/group IDs, use the command ls -n

As the file was produced by root (UID: 0), I need to set the owner ID and group ID to 0 at the EFS access point.

This configuration resolved my issue.

Nishant Thapliyal answered Oct 12 '22 20:10
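
An added example (not part of the answer above and not AWS code) of the POSIX owner/group/other check behind this kind of EACCES: given the uid, gid and mode that ls -n reports and the POSIX user configured on the EFS access point, it reports which permission class applies and which bits are missing. The function names, the constructed sample directory and the treatment of UID 0 as bypassing the check are assumptions of this example.

```javascript
'use strict';
const fs = require('fs');

// Decide which permission class (owner/group/other) applies to `id` and
// whether the `want` bits (e.g. 'rx' to list a directory) are granted.
// `id` is assumed to be the POSIX user set on the EFS access point,
// which is the identity the file system sees, not the Lambda sandbox user.
function explainAccess(st, id, want) {
  const perms = st.mode & 0o777;
  // Assumption: UID 0 bypasses the read/search permission check.
  if (id.uid === 0) {
    return { allowed: true, cls: 'root', perms, missing: '' };
  }
  let cls, shift;
  if (id.uid === st.uid) {
    cls = 'owner'; shift = 6;
  } else if ([id.gid, ...(id.groups || [])].includes(st.gid)) {
    cls = 'group'; shift = 3;
  } else {
    cls = 'other'; shift = 0;
  }
  // Only the bits of the selected class count; there is no fall-through.
  const bits = (perms >> shift) & 0o7;
  const need = { r: 4, w: 2, x: 1 };
  const missing = [...want].filter((c) => (bits & need[c]) === 0).join('');
  return { allowed: missing === '', cls, perms, missing };
}

// stat() needs only search permission on the parent directory, so it still
// works on a directory for which readdirSync() fails with EACCES.
function diagnose(path, id, want = 'rx') {
  const st = fs.statSync(path);
  const r = explainAccess(st, id, want);
  const verdict = r.allowed ? 'allowed' : `denied (missing ${r.missing})`;
  return `${path} uid=${st.uid} gid=${st.gid} mode=${r.perms.toString(8)} ` +
    `-> ${r.cls} class, ${verdict}`;
}

// Constructed sample: a directory created by root on EC2 with mode 0750.
const sample = { uid: 0, gid: 0, mode: 0o40750 };
console.log(explainAccess(sample, { uid: 1000, gid: 1000 }, 'rx'));
console.log(explainAccess(sample, { uid: 0, gid: 0 }, 'rx'));
```

Calling diagnose('/mnt/xyz', { uid: ..., gid: ... }) from the handler with the access point's POSIX user shows whether the mismatch is in ownership or in the mode bits.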


I tried to replicate the issue, and can verify that I had the same problem. The help came from the following GitHub issue: EFS permission denied.

The permission denied error was caused by an incorrectly set root directory and local mount point in the access point and Lambda respectively. The correct settings that worked were:

Access point (note /lambda)

Lambda (note /mnt/lambda)

These settings enable successful access to the EFS.

Marcin answered Oct 12 '22 20:10