This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

accessing-fs.md

File metadata and controls

212 lines (160 loc) · 10.9 KB

Creating and managing mount targets

After you create an Amazon EFS file system, you can create mount targets. For Amazon EFS file systems that use Standard storage classes, you can create a mount target in each Availability Zone in an AWS Region. For EFS file systems that use One Zone storage classes, you can only create a single mount target in the same Availability Zone as the file system. Then you can mount the file system on compute instances, including Amazon EC2, Amazon ECS, and AWS Lambda in your virtual private cloud (VPC).

The following diagram shows an Amazon EFS file system that uses Standard storage classes, with mount targets created in all Availability Zones in the VPC.

[Diagram showing 3 Availability Zones in a VPC, containing EC2 instances and mount targets, and a mounted EFS regional file system.]

The following diagram shows an Amazon EFS file system using One Zone storage classes, with a single mount target created in the same Availability Zone as the file system.

[Diagram showing 2 Availability Zones in a VPC, containing EC2 instances, only one mount target, and a mounted EFS One Zone file system.]

The mount target security group acts as a virtual firewall that controls the traffic. For example, it determines which clients can access the file system. This section explains the following:

  • Managing mount target security groups and enabling traffic.

  • Mounting the file system on your clients.

  • NFS-level permissions considerations.

    Initially, only the root user on the Amazon EC2 instance has read-write-execute permissions on the file system. This topic discusses NFS-level permissions and provides examples that show you how to grant permissions in common scenarios. For more information, see Working with users, groups, and permissions at the Network File System (NFS) Level.

You can create mount targets for a file system using the AWS Management Console, AWS CLI, or programmatically using the AWS SDKs. When using the console, you can create mount targets when you first create a file system or after the file system is created.

For instructions to create mount targets using the Amazon EFS console when creating a new file system, see Step 2: Configure network access.

Managing mount targets using the Amazon EFS console

Use the following procedure to add or modify mount targets for an existing Amazon EFS file system.

To manage mount targets on an Amazon EFS file system (console)

  1. Sign in to the AWS Management Console and open the Amazon EFS console at https://console.aws.amazon.com/efs/.

  2. In the left navigation pane, choose File systems. The File systems page displays the EFS file systems in your account.

  3. Choose the file system that you want to manage mount targets for by choosing its Name or the File system ID to display the file system details page.

  4. Choose Network to display the list of existing mount targets.
    [Amazon EFS console file system details, network tab.]

  5. Choose Manage to display the Availability zone page and make modifications.
    [Amazon EFS console file system details, network tab.]

    On this page, for existing mount targets, you can add and remove security groups, or delete the mount target. You can also create new mount targets.

    Note
    For file systems that use One Zone storage classes, you can only create a single mount target that is in the same Availability Zone as the file system.

    • To remove a security group from a mount target, choose X next to the security group ID.
    • To add a security group to a mount target, choose Select security groups to display a list of available security groups. Or, enter a security group ID in the search field at the top of the list.
    • To queue a mount target for deletion, choose Remove.
      Note
      Before deleting a mount target, first unmount the file system.
    • To add a mount target, choose Add mount target. This is available only for file systems that use Standard storage classes, and if mount targets do not already exist in each Availability Zone for the AWS Region.
  6. Choose Save to save any changes.

To change the VPC for an Amazon EFS file system (console)

To change the VPC for a file system's network configuration, you must delete all of the file system's existing mount targets.

  1. Open the Amazon Elastic File System console at https://console.aws.amazon.com/efs/.

  2. In the left navigation pane, choose File systems. The File systems page shows the EFS file systems in your account.

  3. For the file system that you want to change the VPC for, choose the Name or the File system ID. The file system details page is displayed.

  4. Choose Network to display the list of existing mount targets.

  5. Choose Manage. The Availability zone page appears.

  6. Remove all mount targets displayed on the page.

  7. Choose Save to save changes and delete the mount targets. The Network tab shows the mount target status as deleting.

  8. When all the mount target statuses show as deleted, choose Manage. The Availability zone page appears.

  9. Choose the new VPC from the Virtual Private Cloud (VPC) list.

  10. Choose Add mount target to add a new mount target. For each mount target you add, enter the following:

    • An Availability zone
    • A Subnet ID
    • An IP address, or keep it set to Automatic
    • One or more Security groups
  11. Choose Save to implement the VPC and mount target changes.

Managing mount targets using the AWS CLI

Note
For file systems that use One Zone storage classes, you can only create a single mount target that is in the same Availability Zone as the file system.

To create a mount target (CLI)

  • To create a mount target, use the create-mount-target CLI command (corresponding operation is CreateMountTarget), as shown following.

    $ aws efs create-mount-target \
    --file-system-id file-system-id \
    --subnet-id  subnet-id \
    --security-groups ID-of-the-security-group-created-for-mount-target \
    --region aws-region \
    --profile adminuser
    

    The following example shows the command with sample data.

    $ aws efs create-mount-target \
    --file-system-id fs-0123467 \
    --subnet-id  subnet-b3983dc4 \
    --security-groups sg-01234567 \
    --region us-east-2 \
    --profile adminuser
    

    After successfully creating the mount target, Amazon EFS returns the mount target description as JSON as shown in the following example.

    {
        "MountTargetId": "fsmt-f9a14450",
        "NetworkInterfaceId": "eni-3851ec4e",
        "FileSystemId": "fs-b6a0451f",
        "LifeCycleState": "available",
        "SubnetId": "subnet-b3983dc4",
        "OwnerId": "23124example",
        "IpAddress": "10.0.1.24"
    }
    

To retrieve a list of mount targets for a file system (CLI)

  • You can also retrieve a list of mount targets created for a file system using the describe-mount-targets CLI command (the corresponding operation is DescribeMountTargets), as shown following.

    $ aws efs describe-mount-targets --file-system-id fs-a576a6dc
    
    {
        "MountTargets": [
            {
                "OwnerId": "111122223333",
                "MountTargetId": "fsmt-48518531",
                "FileSystemId": "fs-a576a6dc",
                "SubnetId": "subnet-88556633",
                "LifeCycleState": "available",
                "IpAddress": "172.31.25.203",
                "NetworkInterfaceId": "eni-0123456789abcdef1",
                "AvailabilityZoneId": "use2-az2",
                "AvailabilityZoneName": "us-east-2b"
            },
            {
                "OwnerId": "111122223333",
                "MountTargetId": "fsmt-5651852f",
                "FileSystemId": "fs-a576a6dc",
                "SubnetId": "subnet-44223377",
                "LifeCycleState": "available",
                "IpAddress": "172.31.46.181",
                "NetworkInterfaceId": "eni-0123456789abcdefa",
                "AvailabilityZoneId": "use2-az3",
                "AvailabilityZoneName": "us-east-2c"
            },
            {
                "OwnerId": "111122223333",
                "MountTargetId": "fsmt-5751852e",
                "FileSystemId": "fs-a576a6dc",
                "SubnetId": "subnet-a3520bcb",
                "LifeCycleState": "available",
                "IpAddress": "172.31.12.219",
                "NetworkInterfaceId": "eni-0123456789abcdef0",
                "AvailabilityZoneId": "use2-az1",
                "AvailabilityZoneName": "us-east-2a"
            }
        ]
    }
    

To delete an existing mount target (CLI)

  • To delete an existing mount target, use the delete-mount-target AWS CLI command (corresponding operation is DeleteMountTarget), as shown following.

    Note
    Before deleting a mount target, first unmount the file system.

    $ aws efs delete-mount-target \
    --mount-target-id mount-target-ID-to-delete \
    --region aws-region-where-mount-target-exists
    

    The following is an example with sample data.

    $ aws efs delete-mount-target \
    --mount-target-id fsmt-5751852e \
    --region us-east-2
    
    

To modify the security group of an existing mount target

  • To modify security groups that are in effect for a mount target, use the modify-mount-target-security-groups AWS CLI command (the corresponding operation is ModifyMountTargetSecurityGroups) to replace any existing security groups, as shown following.

    $ aws efs modify-mount-target-security-groups \
    --mount-target-id mount-target-ID-whose-configuration-to-update \
    --security-groups  security-group-ids-separated-by-space \
    --region aws-region-where-mount-target-exists \
    --profile adminuser
    

    The following is an example with sample data.

    $ aws efs modify-mount-target-security-groups \
    --mount-target-id fsmt-5751852e \
    --security-groups  sg-1004395a sg-1114433a \
    --region us-east-2
    

For more information, see Walkthrough: Create an Amazon EFS File System and Mount It on an Amazon EC2 Instance Using the AWS CLI.
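
Because the mount target security group decides which clients can reach the file system, it is worth checking which sources its inbound rules admit on the NFS port (TCP 2049). The following Python example is added here and is not part of the original documentation: it audits constructed data shaped like the output of `aws efs describe-mount-target-security-groups` and `aws ec2 describe-security-groups`. The VPC range 172.31.0.0/16, the client group `sg-0a1b2c3d`, and every rule shown are assumptions.

```python
import ipaddress
import json

NFS_PORT = 2049  # TCP port NFS clients use to reach a mount target
VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # assumed VPC range (constructed)

# Constructed mapping, as collected per mount target with
# `aws efs describe-mount-target-security-groups --mount-target-id <id>`.
MOUNT_TARGET_SGS = {
    "fsmt-48518531": ["sg-1004395a"],
    "fsmt-5651852f": ["sg-1114433a"],
    "fsmt-5751852e": ["sg-1004395a", "sg-1114433a"],
}
# Constructed, trimmed `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = json.loads("""{"SecurityGroups": [
  {"GroupId": "sg-1004395a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}],
     "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]}]},
  {"GroupId": "sg-1114433a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")

def covers_nfs(perm):
    """True if an ingress rule admits TCP 2049, directly or through a wider range."""
    proto = perm["IpProtocol"]  # "-1" means all protocols and ports
    return proto == "-1" or (proto == "tcp" and perm["FromPort"] <= NFS_PORT <= perm["ToPort"])

def outside_vpc(cidr):
    """True if the source CIDR is not contained in the VPC range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version != VPC_CIDR.version or not net.subnet_of(VPC_CIDR)

def audit(mount_target_sgs, sg_doc):
    """Return sorted (mount target, group, CIDR) triples that expose NFS beyond the VPC."""
    rules = {g["GroupId"]: g.get("IpPermissions", []) for g in sg_doc["SecurityGroups"]}
    findings = set()
    for mt, sg_ids in mount_target_sgs.items():
        for sg in sg_ids:
            for perm in filter(covers_nfs, rules.get(sg, [])):
                cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                findings.update((mt, sg, c) for c in cidrs if outside_vpc(c))
    return sorted(findings)

if __name__ == "__main__":
    for mt, sg, cidr in audit(MOUNT_TARGET_SGS, SECURITY_GROUPS):
        print(f"{mt}: {sg} admits NFS (TCP {NFS_PORT}) from {cidr}")
```

Rules that reference another security group (`UserIdGroupPairs`) are not flagged, since they limit access to members of that group rather than to an address range. A flagged group can be replaced on the mount target with modify-mount-target-security-groups as shown above.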