Using AWS Systems Manager to automatically install or update Amazon EFS client
You can use AWS Systems Manager to simplify the management of the Amazon EFS client
(amazon-efs-utils). AWS Systems Manager is an AWS service that you can use to view
and control your infrastructure on AWS. With AWS Systems Manager you can automate the tasks required to
install or update the amazon-efs-utils package on your EC2 instances. The
Systems Manager capabilities like Distributor and State Manager enable you to automate the following
processes:
Maintaining version control over the Amazon EFS client.
Centrally storing and systematically distributing the Amazon EFS client to your Amazon EC2 instances.
Automate the process of keeping your Amazon EC2 instances in a defined state.
For more information, see AWS Systems Manager User Guide.
What the Amazon EFS client does during installation
You use the Amazon EFS client to automate monitoring Amazon CloudWatch logs for file system mount status and upgrade stunnel
to the latest version for selected Linux distributions. When you install the Amazon EFS client on your Amazon EC2 instances using Systems Manager, it takes
the following actions:
Installs the
botocorepackage using the same steps described in Installing and upgrading botocore. The Amazon EFS client usesbotocoreto monitor the EFS file system mount status.Enables the monitoring of EFS file system mount status in CloudWatch logs by updating
efs-utils.conf. For more information, see Monitoring mount attempt success or failure status.For EC2 instances running
RHEL7orCentOS7, the Amazon EFS client automatically upgradesstunnelas described in Upgrading stunnel. Upgradingstunnelis required in order to successfully mount an EFS file system using TLS, and thestunnelversion shipped withRHEL7andCentOS7does not support the Amazon EFS client (amazon-efs-utils).
Systems Manager Distributor supported operating systems
Your EC2 instances must be running one of the following operating systems in order to be used with AWS Systems Manager to automatically update or install the Amazon EFS client.
| Platform | Platform version | Architecture |
|---|---|---|
| Amazon Linux 2023 (AL2023) | AL2023 | x86_64, arm64 (Graviton2 or later processors) |
| Amazon Linux 2 (AL2) |
2.0 |
x86_64, arm64 (Amazon Linux 2, A1 instance types) |
|
Amazon Linux (AL1) |
2017.09, 2018.03 |
x86_64 |
|
CentOS |
7, 8 |
x86_64 |
|
Red Hat Enterprise Linux (RHEL) |
7, 8 |
x86_64, arm64 (RHEL 7.6 and later, A1 instance types) |
| SUSE Linux Enterprise Server (SLES) | 12, 15 | x86_64 |
|
Ubuntu Server |
16.04, 18.04, 20.04 |
x86_64, arm64 (Ubuntu Server 16 and later, A1 instance types) |
How to use AWS Systems Manager to automatically install or update amazon-efs-utils
There are two one-time configurations required to setup Systems Manager to automatically install or update the amazon-efs-utils package.
Configure an AWS Identity and Access Management (IAM) instance profile with the required permissions.
Configure an Association (including the schedule) used for installation or updates by the State Manager
Step 1: Configure an IAM instance profile with the required permissions
By default, AWS Systems Manager doesn't have permission to manage your Amazon EFS clients and install or update the amazon-efs-utils package. You must grant access to Systems Manager by using an AWS Identity and Access Management (IAM) instance profile. An instance profile is a container that passes IAM role information to an Amazon EC2 instance at launch.
Use the AmazonElasticFileSystemsUtils AWS managed permission policy
to assign the appropriate permissions to roles. You can create a new role
for your instance profile or add the AmazonElasticFileSystemsUtils
permission policy to an existing role. You must then use this instance profile to launch
your Amazon EC2 instances. For more information, see
Step 4: Create an IAM instance profile for Systems Manager.
Step 2: Configure an Association used by State Manager for installing or updating the Amazon EFS client
The amazon-efs-utils package is included with Distributor and is ready for you to deploy to
managed EC2 instances. To view the latest version of amazon-efs-utils that is
available for installation, you can use the AWS Systems Manager console or your preferred AWS
command line tool. To access Distributor, open the https://console.aws.amazon.com/systems-manager/
Using State Manager, you can install or update the amazon-efs-utils package on your managed
EC2 instances immediately or on a schedule. Additionally, you can ensure that amazon-efs-utils
is automatically installed on new EC2 instances. For more information about installation or updating
packages using Distributor and State Manager, see
Working with Distributor.
To automatically install or update the amazon-efs-utils package on instances using the Systems Manager console, see Scheduling a package installation or update (console). This will prompt you to create an association for State Manager, which defines the state you want to apply to a set of instances. Use the following inputs when you create your association:
For Parameters choose Action > Install and Installation Type > In-place update.
For Targets the recommended setting is Choose all instances to register all new and existing EC2 instances as targets to automatically install or update AmazonEFSUtils. Alternatively, you can specify instance tags, select instances manually, or choose a resource group to apply the association to a subset of instances. If you specify instance tags, you must launch your EC2 instances with the tags to allows AWS Systems Manager to automatically install or update the Amazon EFS client.
For Specify schedule the recommended setting for AmazonEFSUtils is every 30 days. You can use controls to create a cron or rate schedule for the association.
To use AWS Systems Manager to mount multiple an Amazon EFS file system to multiple EC2 instances, see Mounting EFS to multiple EC2 instances using AWS Systems Manager.
