Managing file system network accessibility - Amazon Elastic File System

Managing file system network accessibility

You mount your file system on an Amazon EC2 or other AWS compute instance in your virtual private cloud (VPC) using a mount target that you create for the file system. Managing file system network accessibility refers to managing a file system's mount targets.

The following illustration shows how EC2 instances in a VPC access an Amazon EFS file system using a mount target.

Diagram showing Availability Zones in a VPC, containing EC2 instances and mount targets, and a mounted EFS file system.

The illustration shows three EC2 instances launched in different VPC subnets accessing an Amazon EFS file system. The illustration also shows one mount target in each of the Availability Zones (regardless of the number of subnets in each Availability Zone).

You can create only one mount target per Availability Zone. If an Availability Zone has multiple subnets, as shown in one of the zones in the illustration, you create a mount target in only one of the subnets. As long as you have one mount target in an Availability Zone, the EC2 instances launched in any of its subnets can share the same mount target.

Managing mount targets refers to these activities:

  • Creating and deleting mount targets in a VPC – At a minimum, you should create a mount target in each Availability Zone from which you want to access the file system.

  • Updating the mount target configuration – When you create a mount target, you associate security groups with the mount target. A security group acts as a virtual firewall that controls the traffic to and from the mount target. You can add inbound rules to control access to the mount target, and thus the file system. After creating a mount target, you might want to modify the security groups assigned to it.
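The two activities above can be checked together. The following is an added example, not part of the original documentation: it flags Availability Zones that have clients but no mount target, and mount target security groups whose inbound rules admit NFS from outside the VPC. It assumes input shaped like the boto3 `describe_mount_targets`, `describe_mount_target_security_groups` and `describe_security_groups` responses, NFS on TCP port 2049, and a known VPC CIDR; the function names, IDs and sample data are constructed for illustration.

```python
import ipaddress

NFS_PORT = 2049  # assumption: EFS mount targets are reached over NFS on TCP 2049

def covers_nfs(perm):
    """True if one inbound IpPermissions entry admits TCP 2049."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535))

def audit(mount_targets, mt_groups, group_rules, client_azs, vpc_cidr):
    """Return (kind, subject, detail) findings for one file system."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    covered = {mt["AvailabilityZoneName"] for mt in mount_targets}
    for az in sorted(set(client_azs) - covered):
        findings.append(("no-mount-target", az, "clients here have no mount target in their AZ"))
    for mt in mount_targets:
        for sg in mt_groups[mt["MountTargetId"]]:
            for perm in filter(covers_nfs, group_rules[sg]):
                for rng in perm.get("IpRanges", []):  # IPv4 CIDR sources only
                    net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                    if not net.subnet_of(vpc):  # source range reaches outside the VPC
                        findings.append(("nfs-open-beyond-vpc", mt["MountTargetId"],
                                         f"{sg} admits {net}"))
    return findings

# Constructed sample data (not real resources).
MOUNT_TARGETS = [
    {"MountTargetId": "fsmt-example-a", "AvailabilityZoneName": "us-east-1a"},
    {"MountTargetId": "fsmt-example-b", "AvailabilityZoneName": "us-east-1b"},
]
MT_GROUPS = {"fsmt-example-a": ["sg-example-tight"], "fsmt-example-b": ["sg-example-open"]}
GROUP_RULES = {
    "sg-example-tight": [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
                          "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
    "sg-example-open": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
CLIENT_AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]

if __name__ == "__main__":
    for finding in audit(MOUNT_TARGETS, MT_GROUPS, GROUP_RULES, CLIENT_AZS, "10.0.0.0/16"):
        print(*finding, sep=" | ")
```

Rules that name a source security group instead of a CIDR range are not evaluated by this check and need a separate review of that group's membership.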

The following sections provide information about managing network accessibility of your file system.