Security groups define inbound and outbound access. When you change security groups associated with a mount target, make sure that you authorize necessary inbound and outbound access. Doing so enables your EC2 instance to communicate with the file system. For more information about security groups, see Creating security groups.
You can add or remove security groups for a file system's mount target by using the AWS Management Console, AWS CLI, or programmatically by using the AWS SDKs.
To modify security groups for mount targets
Use the following procedure to add or remove mount target security groups for an existing EFS file system.
1. Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/.
2. In the left navigation pane, choose File systems, and then select the file system for which you want to manage mount targets.
3. Choose Network and then choose Manage to display the mount targets for the file system.
4. To remove a security group from a mount target, choose X next to the security group ID.
5. To add a security group to a mount target, choose the security group from the Security groups list.
6. Choose Save.
To modify the security group of an existing mount target (CLI)
To modify the security groups that are in effect for a mount target, use the modify-mount-target-security-groups AWS CLI command (the corresponding operation is ModifyMountTargetSecurityGroups). The command replaces any existing security groups, as shown in the following command.

    $ aws efs modify-mount-target-security-groups \
    --mount-target-id mount-target-ID-whose-configuration-to-update \
    --security-groups security-group-ids-separated-by-space \
    --region aws-region-where-mount-target-exists \
    --profile adminuser

The following is an example with sample data.

    $ aws efs modify-mount-target-security-groups \
    --mount-target-id fsmt-5751852e \
    --security-groups sg-1004395a sg-1114433a \
    --region us-east-2
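Because the command replaces the whole list instead of appending to it, adding or removing a single group from the CLI means sending the complete final set. The following script is an added example, not part of the AWS documentation: it reads the groups currently attached with describe-mount-target-security-groups, computes the final list, and only then calls modify-mount-target-security-groups. The function names, the script name efs-sg.sh, and the security group ID sg-0abc1234 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the AWS documentation).
# modify-mount-target-security-groups REPLACES the whole list, so compute
# the complete final set from what is attached now, then send all of it.

# plan_sgs CURRENT ADD REMOVE: print the final space-separated ID list.
# Pure function (no AWS calls). Runs in a subshell so set -f stays local.
plan_sgs() (
  set -f                      # no globbing while word-splitting the lists
  out=""
  for sg in $1 $2; do
    case "$sg" in
      sg-|sg-*[!0-9a-f]*) echo "invalid security group ID: $sg" >&2; exit 2 ;;
      sg-*) ;;
      *) echo "invalid security group ID: $sg" >&2; exit 2 ;;
    esac
    case " $3 " in *" $sg "*) continue ;; esac      # marked for removal
    case " $out " in *" $sg "*) continue ;; esac    # already in the plan
    out="${out:+$out }$sg"
  done
  # Script policy (assumption): an empty plan is treated as an operator mistake.
  [ -n "$out" ] || { echo "plan leaves no security groups" >&2; exit 3; }
  printf '%s\n' "$out"
)

# update_mount_target_sgs MOUNT_TARGET_ID REGION ADD REMOVE
# Credentials come from the environment (for example AWS_PROFILE).
update_mount_target_sgs() (
  current=$(aws efs describe-mount-target-security-groups \
    --mount-target-id "$1" --region "$2" \
    --query 'SecurityGroups' --output text) || exit 1
  final=$(plan_sgs "$current" "$3" "$4") || exit $?
  echo "before: $current" >&2
  echo "after:  $final" >&2
  # $final is intentionally unquoted: one argument per group ID.
  aws efs modify-mount-target-security-groups \
    --mount-target-id "$1" --region "$2" --security-groups $final
)

# Run only when arguments are supplied, for example (hypothetical file name):
#   sh efs-sg.sh fsmt-5751852e us-east-2 "sg-0abc1234" "sg-1114433a"
if [ "$#" -ge 3 ]; then update_mount_target_sgs "$@"; fi
```

The before and after lists are written to standard error so the change can be recorded and, if needed, reverted by sending the earlier list again.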