When we think about virtual machines in AWS, there is a service that comes to mind, and that is EC2. There are many different options for how to provision your EC2 instance, and there are also many different options for how you can configure storage for your EC2 Instance.
These different storage types have their pros and cons, but if you are looking to use a network-attached file system in the cloud, and you want to benefit from an AWS managed service, you can use the Elastic File System to achieve your goals.
The Elastic File System (EFS) is a serverless, shared file system that multiple EC2 instances can mount at the same time. EFS automatically grows and shrinks on demand, and is designed to be a highly available and durable file storage solution for your EC2 instances.
In this tutorial, I am going to walk through how you can create and securely mount your very own EFS file system to your own EC2 instance, and test the connection between the EFS file system and the EC2 instance to ensure that the two are connected effectively.
Step 1. Create Your Security Groups
The first thing we need to do is create our two Security Groups, one for each of the things that we are launching in this tutorial: our EC2 instance and our EFS file system.
Open the VPC dashboard and make your way to the Security Groups section from the left navigation pane. Once here, select the ‘Create Security Group’ button in the top right corner. This will open a new window in which you will make your Security Groups.
The first security group will allow SSH access to our EC2 instance so that we can connect to it, and it will also allow any outbound connectivity. It should look like the image below and use the default VPC in whichever Region you choose. For security purposes, make sure you include only your IP in the SSH inbound rule.
The second security group will be for the EFS file system. It needs a Custom TCP rule that allows inbound traffic from your IP on port 2409, and it should allow all outbound traffic. It will look like this.
Step 2. Create our EFS file system.
We will navigate to the EFS console within the AWS management console – and once we are here, click ‘Create Filesystem’.
I am calling my file system ‘EC2-Test’ and leaving the initial defaults the same. Then click ‘Customize’, next to ‘Create’.
We will leave the first page of options default and click next to take us to the ‘Network Access’ stage. Once on this page leave the default VPC as the selected option and select the checkboxes for all of the Availability Zones in whichever Region you use. Also, please make sure all mount targets use the default subnets and Automatic IP addresses. Also, remove the existing security groups, and add your pre-configured EFS security group to each mount target. I am using the us-east-1 region for this tutorial.
Then, click next. We will leave the defaults in place for the File System policy section for our purposes; however, note that you can allow fine-grained access to your EFS file system using file system policies. Click next again, review the options and click Create.
After a few seconds, our File System should be available!
Make note of the file system ID on a separate notepad document so we can refer to it in the future.
Step 3. Migrate to the EC2 management console, launch our EC2 instance and mount our filesystem, then check this connection.
Once we are in the EC2 Management Console, find the ‘Launch Instance’ button, and select the Amazon Linux 2 AMI.
We then need to choose an Instance type – choose the t2.micro, which is the free tier option.
Once selected we will be Configuring the Instance Details.
Choose the default VPC, and for the subnet choose no preference.
Under File System, select ‘Add File System’ and it should automatically populate with the file system you configured in the previous steps of this tutorial. Check it against the EFS file system ID that we took note of in the previous step, and make sure it matches. Untick the box that asks us to automatically create and attach the correct Security Group. Note that you can customize the path at which the file system will be mounted; for this tutorial we shall leave it at the default, which is /mnt/efs/fs1.
Note also that when you select the file system, the User Data is automatically populated so that the file system mounts automatically upon instance reboot in a production environment.
We are then ready to move to the next stage. We will skip adding storage and tags.
Step 4. ‘Configure Security Group’
We are going to select the security group we made earlier – which is the EC2 Security group. Double check the rules and select ‘Review and Launch’.
Once you have reviewed the options, if you want to connect to the instance using anything other than EC2 Instance Connect, you will need to create a key pair. If you want to connect using EC2 Instance Connect, however, we will select ‘proceed without a key pair’ and click Launch Instances.
Once our instance state has transitioned to running, we will select the Instance and click ‘Connect’.
Once you have selected Connect, you should be automatically connected and you should see that you have logged into your instance with the login screen below.
You are now ready to run commands to check your EFS Filesystem is mounted to your EC2 instance.
The command that you will run is the following:
df -T -h
This command means the following. df means ‘disk free’ and is used to display the amount of available disk space for file systems. -T prints the filesystem type and -h makes it human readable.
When you run this command there will be a number of lines of output; among them you will see our EFS file system attached at the default path (/mnt/efs/fs1), ready to use!
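As an added example (not part of the original tutorial), the shell function below turns the visual df check into a scripted one: it reads mount records in /proc/mounts format and confirms that /mnt/efs/fs1 is a read-write nfs4 mount, which is the type df -T reports for an EFS file system. The function names, the sample records and the fs-EXAMPLE file system ID are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Mount records use the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# efs_mount_status MOUNTPOINT [MOUNTS_FILE]
# Returns 0 = mounted read-write as nfs4, 1 = mounted but wrong type or
# read-only, 2 = not mounted at all.
efs_mount_status() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Keep the last matching record: a later mount shadows an earlier one.
    rec=$(awk -v mp="$mp" '$2 == mp { r = $3 " " $4 } END { print r }' "$mounts")
    if [ -z "$rec" ]; then
        echo "FAIL: $mp is not a mount point; writes would go to the local disk"
        return 2
    fi
    fstype=${rec%% *}
    opts=${rec#* }
    if [ "$fstype" != "nfs4" ]; then
        echo "FAIL: $mp is mounted as $fstype, expected nfs4"
        return 1
    fi
    case ",$opts," in
        *,rw,*) echo "OK: $mp is mounted read-write as nfs4"; return 0 ;;
        *)      echo "FAIL: $mp is nfs4 but not mounted read-write"; return 1 ;;
    esac
}

# Constructed sample records; the file system ID is a placeholder.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / xfs rw,noatime,attr2,inode64,noquota 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
fs-EXAMPLE.efs.us-east-1.amazonaws.com:/ /mnt/efs/fs1 nfs4 rw,relatime,vers=4.1,hard,proto=tcp 0 0
EOF
}

# Demo against the constructed records (on the instance, omit the file argument).
demo_file=$(mktemp)
sample_mounts > "$demo_file"
efs_mount_status /mnt/efs/fs1 "$demo_file"
rm -f "$demo_file"
```

On the instance itself, calling efs_mount_status /mnt/efs/fs1 with no second argument reads the live /proc/mounts, and the non-zero return codes make the check usable in a boot or deployment script.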
We have now successfully created our EC2 instance, and mounted our EFS file system on to it and verified the connection was successful.