Steps to Mount an Amazon EFS File System to an EC2 Instance (Amazon Linux 2023)
Introduction
Amazon EFS (Elastic File System) is a managed file system service that can be shared between Amazon EC2 instances. It can be accessed simultaneously from multiple EC2 instances and scales automatically, making it very convenient for sharing application data.
Since I couldn't find an article that summarized the series of steps from installing the amazon-efs-utils package on Amazon Linux 2023 to mounting the EFS file system and configuring it to automatically mount after reboot, I've compiled all the procedures in this article.
Prerequisites
- OS: Amazon Linux 2023 (AL2023)
- EFS file system: Already created
- Security group settings: Communication allowed from EC2 to EFS (port 2049/NFS)
- VPC: EC2 and EFS exist in the same VPC
EFS uses the NFS (Network File System) protocol on port 2049 for access.
Please verify in advance that communication to this port is allowed in the EC2 instance's security group.
The following article is helpful for building EFS file systems:
Procedure
1. Preliminary Check
Connect to the EC2 instance and check the current disk usage.
$ df -Ph
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 204M 0 204M 0% /dev/shm
tmpfs 82M 416K 82M 1% /run
/dev/nvme0n1p1 8.0G 1.8G 6.2G 22% /
tmpfs 204M 0 204M 0% /tmp
/dev/nvme0n1p128 10M 1.3M 8.7M 13% /boot/efi
2. Installing the amazon-efs-utils package
Install the amazon-efs-utils package required for EFS mounting.
$ sudo dnf -y install amazon-efs-utils
~omitted~
Installed:
amazon-efs-utils-2.1.0-1.amzn2023.x86_64 stunnel-5.58-1.amzn2023.0.2.x86_64
Complete!
The amazon-efs-utils package includes the EFS mount helper and stunnel needed for TLS encryption. On AL2023, it can be easily installed from the standard repository.
For non-AL2023 cases, please refer to the following documentation for installation:
3. Creating a Mount Point
Create a directory to use as the mount point for the EFS file system.
$ sudo mkdir /ABC/
In this example, we've created the /ABC directory, but for actual operations, we recommend using appropriate names such as /opt/app/data or /mnt/efs according to your needs.
4. Mounting the EFS File System
Let's mount the EFS file system.
$ sudo mount -t efs -o tls fs-02c0b784c564bf93c:/ /ABC
- Replace fs-02c0b784c564bf93c with your actual EFS file system ID
- The tls option enables encryption of data during transfer
  - In production environments, using TLS encryption is recommended for security reasons
This command connects the /ABC directory (local path) on the EC2 instance with the root directory (/) of the EFS file system fs-02c0b784c564bf93c.
Example:
- Path on EC2: /ABC/test.txt
- Actual location on EFS: fs-02c0b784c564bf93c:/test.txt
After mounting, all file operations (creation, editing, deletion) performed under /ABC will actually be executed on the EFS.
The above uses the file system ID for mounting.
For information on mounting using the file system DNS name or using the mount target IP address, please refer to the following documentation:
5. Verifying the Mount Status
Check if EFS is properly mounted.
$ df -h /ABC
Filesystem Size Used Avail Use% Mounted on
127.0.0.1:/ 8.0E 0 8.0E 0% /ABC
EFS has virtually unlimited capacity, which is why the size shows as 8.0E (8 exabytes).
Why it displays as 127.0.0.1:/
When using TLS encryption, the EFS mount helper internally starts a stunnel process and connects to EFS via a local port (in the 20449-21049 range).
Therefore, the NFS client appears to be mounted to the localhost (127.0.0.1), but it's actually communicating with EFS via encrypted communication through stunnel. This is normal behavior.
6. Testing the Operation
Create a test file to confirm that reading and writing to EFS works properly.
$ echo "EFS mount test" | sudo tee /ABC/test.txt
EFS mount test
$ cat /ABC/test.txt
EFS mount test
We've confirmed that file creation and reading work correctly.
7. Automatic Mount Configuration
Configure the EFS to automatically mount after an EC2 instance reboot.
$ echo "fs-02c0b784c564bf93c:/ /ABC efs _netdev,noresvport,tls 0 0" | sudo tee -a /etc/fstab
fs-02c0b784c564bf93c:/ /ABC efs _netdev,noresvport,tls 0 0
Details of each mount option:
- _netdev (Network Required)
  - Notifies systemd that the filesystem is accessed over the network
  - Mounts the filesystem after network services (network.target) have started
  - Why it's required: Since EFS is accessed over the network, attempting to mount before the network is available may fail and potentially halt the EC2 instance boot process
  - Required for proper service startup order due to systemd dependencies
- noresvport (Port Reuse)
  - Uses a new TCP port when the network connection drops and reconnects
  - Maintains connection to the EFS filesystem after recovering from network failures
- tls (Encryption)
  - Enables encryption during data transfer
  - Recommended for production environments to enhance security
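A check for the fstab entry described above, as an added example that is not part of the original article: it reads fstab-format text and reports `efs` entries that lack `tls` or `_netdev`. The function names and the two weak sample entries (with placeholder file system IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit fstab-format text for EFS
# entries that lack the tls or _netdev options discussed above.

# audit_efs_fstab FILE   ("-" or no argument reads standard input)
# Prints one finding per line; returns 1 if anything was reported, else 0.
audit_efs_fstab() {
    awk '
        BEGIN { bad = 0 }
        /^[[:space:]]*#/ || NF == 0 { next }   # comments and blank lines
        $3 != "efs" { next }                   # only EFS mount helper entries
        {
            has_tls = 0; has_netdev = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "tls")     has_tls = 1
                if (opts[i] == "_netdev") has_netdev = 1
            }
            if (!has_tls) {
                print $2 ": no tls option, data is not encrypted in transit"
                bad = 1
            }
            if (!has_netdev) {
                print $2 ": no _netdev option, mount may be tried before the network is up"
                bad = 1
            }
        }
        END { exit bad }
    ' "${1:--}"
}

# Constructed sample: the article's entry plus two hypothetical weak ones
# (fs-EXAMPLE1 and fs-EXAMPLE2 are placeholders, not real file system IDs).
sample_fstab() {
    cat <<'EOF'
# /etc/fstab
UUID=SAMPLE-ROOT / xfs defaults,noatime 1 1
fs-02c0b784c564bf93c:/ /ABC efs _netdev,noresvport,tls 0 0
fs-EXAMPLE1:/ /mnt/efs efs defaults 0 0
fs-EXAMPLE2:/ /opt/app/data efs noresvport,tls 0 0
EOF
}

# Demo run on the sample; on a real host use: audit_efs_fstab /etc/fstab
sample_fstab | audit_efs_fstab - || true
```

Running it before the reboot test in step 8 catches a weak entry while the instance is still reachable.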
For more details on each option, please refer to the following documentation:
8. Verify with Reboot Test
Restart the EC2 instance from the EC2 console to verify that the automatic mount works correctly.
After rebooting, reconnect to the EC2 instance and verify:
$ df -h /ABC
Filesystem Size Used Avail Use% Mounted on
127.0.0.1:/ 8.0E 0 8.0E 0% /ABC
$ cat /ABC/test.txt
EFS mount test
We've confirmed that the EFS automatically mounts after reboot, and we can access the test file we created previously.
In Conclusion
In this article, we explained the procedure for mounting an Amazon EFS filesystem to an EC2 instance (Amazon Linux 2023).
We covered the complete workflow from installing the amazon-efs-utils package, performing the actual mount operation, to configuring automatic mounting after reboots.
By utilizing EFS, you can share files between multiple EC2 instances and easily build scalable, highly available file storage. Additionally, using TLS encryption enables secure data transfer.
I hope this article has been helpful.