Mounting EFS File Systems - Amazon Elastic File System

Mounting EFS File Systems

In the following section, you can learn how to mount your Amazon EFS file system on a Linux instance using the Amazon EFS mount helper. In addition, you can find how to use the file fstab to automatically remount your file system after any system restarts. To learn more about the Amazon EFS mount helper, see EFS Mount Helper.

Before the Amazon EFS mount helper was available, we recommended mounting your Amazon EFS file systems using the standard Linux NFS client. For more information on those changes, see Mounting File Systems Without the EFS Mount Helper.

Note

You can configure a new Amazon EC2 Linux instance to mount an Amazon EFS file system when it launches. However, before you mount a file system, you must create, configure, and launch your related AWS resources. For detailed instructions, see Getting Started with Amazon Elastic File System.

Troubleshooting AMI and Kernel Versions

To troubleshoot issues related to certain Amazon Machine Image (AMI) or kernel versions when using Amazon EFS from an Amazon EC2 instance, see Troubleshooting AMI and Kernel Issues.

Installing the amazon-efs-utils Package

To mount your Amazon EFS file system on your Amazon EC2 instance, we recommend that you use the mount helper in the amazon-efs-utils package. The amazon-efs-utils package is an open-source collection of Amazon EFS tools. For more information, see Installing the amazon-efs-utils Package on Amazon Linux.

Mounting with the EFS Mount Helper

You can mount an Amazon EFS file system on a number of clients using the Amazon EFS mount helper. The following sections, you can find the mount helper process for the different types of clients.

Mounting on Amazon EC2 with the EFS Mount Helper

Important

If you are mounting an EFS file system in the China (Beijing) Region or China (Ningxia) Region, run the following command before you run the sudo mount command. Doing this ensures that the EFS mount helper uses the correct DNS name for your file system.

$ echo -e '\n[mount.cn-north-1]\ndns_name_suffix = amazonaws.com.cn\n\n[mount.cn-northwest-1]\ndns_name_suffix = amazonaws.com.cn' | sudo tee -a /etc/amazon/efs/efs-utils.conf

You can mount an Amazon EFS file system on an Amazon EC2 instance using the Amazon EFS mount helper. For more information on the mount helper, see EFS Mount Helper. To use the mount helper, you need the following:

  • The file system ID of the EFS file system that you want to mount – After you create an Amazon EFS file system, you can get that file system's ID from the console or programmatically through the Amazon EFS API. The ID is in this format: fs-12345678.

  • An Amazon EFS mount target – You create mount targets in your virtual private cloud (VPC). If you create your file system in the console, you create your mount targets at the same time. For more information, see Creating a Mount Target Using the Amazon EFS console.

  • An Amazon EC2 instance running a supported distribution of Linux – The supported Linux distributions for mounting your file system with the mount helper are the following:

    • Amazon Linux 2

    • Amazon Linux 2017.09 and newer

    • Red Hat Enterprise Linux (and derivatives such as CentOS) version 7 and newer

    • and Ubuntu 16.04 LTS and newer

  • The Amazon EFS mount helper installed – The mount helper is a tool in amazon-efs-utils. For information on how to install amazon-efs-utils, see Installing the amazon-efs-utils Package on Amazon Linux.

To mount your Amazon EFS file system with the mount helper

  1. Access the terminal for your instance through Secure Shell (SSH), and log in with the appropriate user name. For more information on how to do this, see Connecting to Your Linux Instance Using SSH in the Amazon EC2 User Guide for Linux Instances.

  2. Run the following command to mount your file system.

    sudo mount -t efs fs-12345678:/ /mnt/efs

    Alternatively, if you want to use encryption of data in transit, you can mount your file system with the following command.

    sudo mount -t efs -o tls fs-12345678:/ /mnt/efs

Mounting with IAM Authorization

To mount your Amazon EFS file system on Linux instances using AWS Identity and Access Management (IAM) authorization, you use the EFS mount helper. For more information about IAM authorization for NFS clients, see Using IAM to Control NFS Access to Amazon EFS.

Mounting with IAM Using an EC2 Instance Profile

If you are mounting with IAM authorization to an Amazon EC2 instance with an instance profile, use the tls and iam mount options, shown following.

$ sudo mount -t efs -o tls,iam file-system-id efs-mount-point

To automatically mount with IAM authorization to an Amazon EC2 instance that has an instance profile, add the following line to the /etc/fstab file on the EC2 instance.

file-system-id:/ efs-mount-point efs _netdev,tls,iam 0 0

Mounting with IAM Using a Named Profile

You can mount with IAM authorization using the IAM credentials located in the AWS CLI credentials file ~/.aws/credentials, or the AWS CLI config file ~/.aws/config. If "awsprofile" is not specified, the "default" profile is used.

To mount with IAM authorization to a Linux instance using a credentials file, use the tls, awsprofile, and iam mount options, shown following.

$ sudo mount -t efs -o tls,iam,awsprofile=namedprofile file-system-id efs-mount-point/

To automatically mount with IAM authorization to a Linux instance using a credentials file, add the following line to the /etc/fstab file on the EC2 instance.

file-system-id:/ efs-mount-point efs _netdev,tls,iam,awsprofile=namedprofile 0 0

Mounting with EFS Access Points

You can mount an EFS file system using an EFS access point. To do this, use the EFS mount helper.

When you mount a file system using an access point, the mount command includes the access-point-id and the tls mount option in addition to the regular mount options. An example is shown following.

$ sudo mount -t efs -o tls,accesspoint=access-point-id file-system-id efs-mount-point

To automatically mount a file system using an access point, add the following line to the /etc/fstab file on the EC2 instance.

file-system-id efs-mount-point efs _netdev,tls,accesspoint=access-point-id 0 0

For more information about EFS access points, see Working with Amazon EFS Access Points.

Mounting Automatically with EFS Mount Helper

You also have the option of mounting automatically by adding an entry to your /etc/fstab file. When you mount automatically using /etc/fstab, you must add the _netdev mount option. For more information, see Using /etc/fstab to Mount Automatically.

Note

Mounting with the mount helper automatically uses the following mount options that are optimized for Amazon EFS:

  • nfsvers=4.1

  • rsize=1048576

  • wsize=1048576

  • hard

  • timeo=600

  • retrans=2

  • noresvport

To use the mount command, the following must be true:

  • The connecting EC2 instance must be in a virtual private cloud (VPC) based on the Amazon VPC service. It also must be configured to use the DNS server provided by Amazon. For information about the Amazon DNS server, see DHCP Options Sets in the Amazon VPC User Guide.

  • The VPC of the connecting EC2 instance must have DNS hostnames enabled. For more information, see Viewing DNS Hostnames for Your EC2 Instance in the Amazon VPC User Guide.

Note

We recommend that you wait 90 seconds after creating a mount target before you mount your file system. This wait lets the DNS records propagate fully in the AWS Region where the file system is.

Mounting on Your On-Premises Linux Client with the EFS Mount Helper over AWS Direct Connect and VPN

You can mount your Amazon EFS file systems on your on-premises data center servers when connected to your Amazon VPC with AWS Direct Connect or VPN. Mounting your Amazon EFS file systems with amazon-efs-utils also makes mounting simpler with the mount helper and allows you to enable encryption of data in transit.

To see how to use amazon-efs-utils with AWS Direct Connect and VPN to mount Amazon EFS file systems onto on-premises Linux clients, see Walkthrough: Create and Mount a File System On-Premises with AWS Direct Connect and VPN.