Menu
I am trying to setup EFS and access it using EC2 instances in different availability zones. I have created a separate security group for EFS, which allows traffic for the security group attached to EC2 instances. Installed amazon-efs-utils utility on the EC2 instances also. But when trying to execute the following command: sudo mount -t efs -o tls EFS-ID:/ efs
I am getting the following error:
mount.nfs4: Connection reset by peer
I have tried it several times, but it did not work. What am I missing here ? Could anyone please let me know.
Thanks
915
This result is because network file systems need to be initialized after the compute instance starts its networking. If this issue occurs, contact AWS Support. For instances that use the systemd init system with two or more Amazon EFS entries at /etc/fstab, there might be times where some or all of these entries are not mounted.
mount.nfs4: Connection reset by peer. We are using the recommended mount command: mount -t efs -o tls [EFS file system ID]:/ /mnt. This happens in ~0.2% of all mount attempts from all our VPCs. It's a particularly nasty issue because it seems to prevent the mount process from being killed cleanly.
Create a CodeBuild project to use with Amazon EFS Create a AWS CodeBuild project that uses the VPC you created earlier in this sample. When the build is run, it mounts the Amazon EFS file system created earlier.
I have created a separate security group for EFS, which allows traffic for the security group attached to EC2 instances. Installed amazon-efs-utils utility on the EC2 instances also. But when trying to execute the following command: sudo mount -t efs -o tls EFS-ID:/ efs
For me, I needed a combination of other answers (Kingsley and Anton - give them some votes if my answer helps).
First, I made sure the EFS volume and the EC2 instance had a shared security group.
Second, I made sure that specific security group allowed both Inbound and Outbound access on the NFS port, using itself as the "target". To make sure that's clear, if my security group is sg-1234, then I edited the inbound rules for sg-1234 - adding an entry for NFS that targeted sg-1234. The same may be necessary with outbound, but my SG already had outbound access wide open.
I may not have needed the shared security group, but could have used the EC2 security group as the target of an inbound NFS rule in the EFS security group.
113
Does the first answer on here help you?
https://forums.aws.amazon.com/thread.jspa?threadID=236697
(which recommends going to the Network Interfaces menu within EC2 and checking that the mount targets for the EFS volume are in the same security group as your EC2 instances).
Cheers, Kingsley.
36
Go to your efs security group
In inbound rules add rules and try again
enter image description here
25
for me it was to add 0.0.0.0/0 as the the 'Source' for NFS in the security group:
https://acloud.guru/forums/aws-csa-2019/discussion/-M53gZu0xfEjCpLq_uBD/elastic_file_system_lab-_mount
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
