EFS mount point vs access point


Hi There,

Can someone help me understand what is the fundamental difference between an Access Point and a Mount Point in EFS. I have read the aws docs but I am still so confused!! Or maybe point me to a simple documentation..

Thanks in advance :)

Kind Regards, Dhairya

asked 2 years ago8714 views
2 Answers


When you create a EFS file system, it's mounted on a client through a mount target [mount target provides an IP address for an NFSv4 endpoint at which you can mount an Amazon EFS file system]. During mount operation, you specify a mount point [this is the local directory on the client where the EFS file system is mounted & accessible on the client]. Essentially you are presenting the top level/root of the filesystem to the client and all the data underneath. You must have proper privileges to perform these operations and you can use IAM to implement security controls. Following link provides good explanation of this along with some diagrams.


After creating a file system, by default only the root user (UID 0) has read, write, and execute permissions. For other users to modify the file system, the root user must explicitly grant them access. You can use access points to automate the creation of directories that a nonroot user can write from. For more information, see Working with Amazon EFS access points.

https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html

Amazon EFS access points are application-specific entry points into an EFS file system that make it easier to manage application access to shared datasets. Access points can enforce a user identity, including the user's POSIX groups, for all file system requests that are made through the access point. Access points can also enforce a different root directory for the file system so that clients can only access data in the specified directory or its subdirectories.

You can use AWS Identity and Access Management (IAM) policies to enforce that specific applications use a specific access point. By combining IAM policies with access points, you can easily provide secure access to specific datasets for your applications. https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

Essentially this comes down to the security permissions and how EFS is being used. Possible scenarios can be implementing use of EFS for a single application/user/dataset or multiple application/users/dataset. Hope this helps.

answered 2 years ago
profile pictureAWS
reviewed 2 years ago

If I use Access Point, is using IAM policies on top of it a MUST, or a CAN

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions