ModifyMountTargetSecurityGroups - Amazon Elastic File System


Modifies the set of security groups in effect for a mount target.

When you create a mount target, Amazon EFS also creates a new network interface. For more information, see CreateMountTarget. This operation replaces the security groups in effect for the network interface associated with a mount target, with the SecurityGroups provided in the request. This operation requires that the network interface of the mount target has been created and the lifecycle state of the mount target is not deleted.

The operation requires permissions for the following actions:

  • elasticfilesystem:ModifyMountTargetSecurityGroups action on the mount target's file system.

  • ec2:ModifyNetworkInterfaceAttribute action on the mount target's network interface.

Request Syntax

PUT /2015-02-01/mount-targets/MountTargetId/security-groups HTTP/1.1 Content-type: application/json { "SecurityGroups": [ "string" ] }

URI Request Parameters

The request uses the following URI parameters.


The ID of the mount target whose security groups you want to modify.

Length Constraints: Minimum length of 13. Maximum length of 45.

Pattern: ^fsmt-[0-9a-f]{8,40}$

Required: Yes

Request Body

The request accepts the following data in JSON format.


An array of up to five VPC security group IDs.

Type: Array of strings

Array Members: Maximum number of 100 items.

Length Constraints: Minimum length of 11. Maximum length of 43.

Pattern: ^sg-[0-9a-f]{8,40}

Required: No

Response Syntax

HTTP/1.1 204

Response Elements

If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body.



Returned if the request is malformed or contains an error such as an invalid parameter value or a missing required parameter.

HTTP Status Code: 400


Returned if the mount target is not in the correct state for the operation.

HTTP Status Code: 409


Returned if an error occurred on the server side.

HTTP Status Code: 500


Returned if there is no mount target with the specified ID found in the caller's AWS account.

HTTP Status Code: 404


Returned if the size of SecurityGroups specified in the request is greater than five.

HTTP Status Code: 400


Returned if one of the specified security groups doesn't exist in the subnet's virtual private cloud (VPC).

HTTP Status Code: 400


Replace a mount target's security groups

The following example replaces security groups in effect for the network interface associated with a mount target.

Sample Request

PUT /2015-02-01/mount-targets/fsmt-9a13661e/security-groups HTTP/1.1 Host: x-amz-date: 20140620T223446Z Authorization: <...> Content-Type: application/json Content-Length: 57 { "SecurityGroups" : [ "sg-188d9f74" ] }

Sample Response

HTTP/1.1 204 No Content x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: