Hello! EFS is a VPC-bound service and uses private IPs from your VPC. When you create an EFS system, the default behavior deploys it with one private IP per Availability Zone in its host VPC. If you don't care which private IPs it chooses from, you can just find the IP addresses it chose by navigating to the "Network" tab of the system's overview page. This private IP is static and will remain the same for the lifetime of the system, so you can simply add explicit Security Group rules for each of those private IPs. If you want to control the IP ranges that the EFS system might choose from:
1. For each Availability Zone you plan on having the EFS system in, define a subnet to house it. (Keep in mind the smallest subnet mask possible is /28, so you must have at minimum 14 available private IPs per AZ to make these subnets).
2. When creating the EFS system, select "Customize" after selecting the "Create file system" button.
3. Progress to the "Network Access" section, then assign each Mount Target to each of the subnets you created in step 1 above. Finish file system creation as you would normally.
4. When configuring your Security Groups, restrict the Port 111 access to the CIDR range(s) of the subnets you placed the Mount Targets in.
Hope this helps out!
- The EFS IP addresses are available on the File System Network Tab.
- In the Console, go to EFS, go to the Network tab and you will see the private IP addresses used.
- You can also use the security group of the EFS filesystem as the target instead of the IP Ranges.
The recommendations above provide an effective guide for mounting an AWS Elastic File System (EFS) Access Point using NFS.
However, AWS EFS supports only NFSv4, meaning it exclusively uses Port 2049 and does not rely on Port 111. This distinction, which aligns with NFSv4 standards, allows EFS to operate without the RPC binding required by NFSv3. Consequently, firewall or security group configurations should only open Port 2049 for inbound and outbound traffic. You can learn more in this [AWS re:Post discussion](https://repost.aws/questions/QU7hKrJykNTd6G7W2Vth54QA/can-aws-efs-listen-on-a-port-besides-2049-i-e-111). For additional insights into the NFS versions supported by EFS, refer to the AWS EFS documentation.
To mount EFS over NFS, the Portmapper service is unnecessary. Instead, ensure the EFS Utils package is installed and specify the EFS filesystem type in your mount command. The exact command for mounting is accessible by navigating to the EFS Access Point and clicking “Attach.”
For more information on EFS Utils installation, visit the AWS EFS Utils Guide. For a complete step-by-step guide on mounting via EFS Access Points, check out the AWS EFS Access Point Mount Steps.
Hope this helps streamline your setup!
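
The rule set the answers above converge on (TCP 2049 only, scoped to the mount target subnets or to the EFS security group) can be checked mechanically. The following is an added example, not code from any of the posters or from AWS: it audits a rule list in the shape returned by `aws ec2 describe-security-groups`, and the function name, group ID and CIDRs are constructed for illustration.

```python
import ipaddress

NFS_PORT = 2049  # the only port EFS (NFSv4) uses, per the answer above

# Constructed sample shaped like the IpPermissions / IpPermissionsEgress lists
# in `aws ec2 describe-security-groups` output; IDs and CIDRs are made up.
SAMPLE_PERMS = [
    {"IpProtocol": "tcp", "FromPort": 111, "ToPort": 111,
     "IpRanges": [{"CidrIp": "10.0.1.0/28"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "10.0.1.0/28"}],
     "UserIdGroupPairs": [{"GroupId": "sg-0bbbbbbbbbbbbbbbb"}]},
]

def audit_nfs_rules(perms, efs_cidrs):
    """Flag rules that are not TCP 2049 or whose IPv4 peer lies outside efs_cidrs.
    Security-group references (UserIdGroupPairs) are accepted as-is."""
    allowed = [ipaddress.ip_network(c) for c in efs_cidrs]
    findings = []
    for perm in perms:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1":  # "all traffic" rules carry no port fields
            lo, hi = 0, 65535
        label = f"{proto} {lo}-{hi}"
        if proto not in ("tcp", "-1") or not (lo <= NFS_PORT <= hi):
            findings.append(f"{label}: not needed for NFSv4, remove")
            continue
        if (lo, hi) != (NFS_PORT, NFS_PORT):
            findings.append(f"{label}: range wider than {NFS_PORT}")
        for r in perm.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"])
            if not any(net.subnet_of(a) for a in allowed):
                findings.append(f"{label}: peer {net} outside EFS subnets")
    return findings
```

Pass either the client group's egress list or the mount target group's ingress list, together with the CIDRs of the subnets that hold the mount targets (for ingress, the client subnets instead).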