Mounting an Amazon EFS File System on an Amazon Lightsail Instance

Figure showing a Lightsail and an EC2 instance that simultaneously access an EFS file system.

Amazon Elastic File System (EFS) is a fully managed service that provides an NFS file system for use with other AWS services as well as on-premises resources.

Amazon EFS can scale on demand to petabytes and can be accessed concurrently by thousands of instances. It provides strong data consistency and file locking across all instances that access a file system. For high availability and durability, Amazon EFS stores data across multiple availability zones within an AWS region. You can mount an EFS file system on your EC2 instance, Lightsail instance, or on-premises server using the standard Linux mount command.

To access EFS file systems from on-premises servers, you must have an AWS Direct Connect or AWS VPN connection.

To access an EFS file system from a Lightsail instance, you have to enable VPC peering of your Lightsail VPC with the default Amazon VPC. This blog post describes the complete procedure for creating an EFS file system and mounting it on a Linux-based Lightsail instance.

How to Create an EFS File System and Mount it on a Lightsail Instance

To access an EFS file system from a Lightsail instance, you have to enable VPC peering of your Lightsail VPC with the default Amazon VPC.

Instances connect to EFS file systems by using mount targets that you create. A mount target provides an IP address for an NFSv4 endpoint at which you can mount an EFS file system. You can create one mount target in each availability zone of an AWS region.

You can enable VPC peering of your Lightsail VPC only with the default VPC. Thus, you must also create your EFS file system in the default VPC.

Figure showing a Lightsail instance that connects to an EFS mount target from the peered default VPC.

To create an EFS file system and mount it on a Lightsail instance, perform the following steps:

  1. Create a new EFS file system.
    1. Open the Elastic File System Management Console at https://console.aws.amazon.com/efs and switch to the same AWS region where you are running your Lightsail instance. Then, click Create File System.
    2. For VPC, choose your default VPC. For mount targets, keep all availability zones selected. Then, click Next Step.
      Screen capture showing the EFS file system configuration settings.
      • If you have only one Lightsail instance and need to access your EFS file system only from this instance, you can select only one availability zone, the availability zone in which your Lightsail instance is running.
    3. In the optional settings, accept the default values (or configure the settings, for example, tags, as per your needs). Then, click Next Step.
    4. Review the EFS file system configuration, and then click Create File System.
    5. Wait until the state of the mount targets changes from Creating to Available.
      Then, for the mount target located in the same availability zone as your Lightsail instance, make a note of the IP address (Mount target IP address) and Security group.
  2. Peer your Lightsail VPC with the default VPC of the same AWS region.
    1. Open the Lightsail console at https://lightsail.aws.amazon.com/ls/webapp/home.
    2. Click Account on the top navigation menu and choose Account from the drop-down menu.
    3. Choose the Advanced tab. Then, select Enable VPC peering under the AWS region where you are running your Lightsail instance.
      For example, enable VPC peering in the US East (N. Virginia) region.


  3. Allow traffic from the Lightsail VPC CIDR block to the EFS mount targets.
    1. Determine the CIDR block of the Lightsail VPC by running the following commands on your Lightsail instance:
      MAC=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/)
      curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-block/
      
      • Alternatively, you can find the Lightsail VPC CIDR block in the information about the peering connection that you created in the previous step. The list of all peering connections is available in the VPC Management Console.
    2. Open the VPC Management Console at https://console.aws.amazon.com/vpc and switch to the same AWS region where you created your EFS file system and where you are running your Lightsail instance. Then, in the navigation pane, choose Security Groups and add the following inbound rule to the security group that you noted in the last substep of Step 1:
      Type: NFS
      Protocol: TCP
      Port Range: 2049
      Source: the CIDR block of the Lightsail VPC
      • If you have only one Lightsail instance, you may want to grant access only to the private IP address of this Lightsail instance.
  4. Check connectivity between your Lightsail instance and the EFS mount target.
    Using the IP address of the mount target that you noted in the last substep of Step 1, run the following command on the Lightsail instance:
    nc -z <Mount target IP address> 2049
    
    Below is an example output of a successful test.
    Connection to ... 2049 port [tcp/nfs] succeeded!
    
  5. Install the nfs-utils package on your Lightsail instance, and mount your EFS file system.
    To install the nfs-utils package, for example, on a Lightsail instance running Amazon Linux 2018.03, run the following command:
    sudo yum install -y nfs-utils
    
    To mount your EFS file system, in the following command, replace <Mount target IP address> with the IP address of the mount target that you noted in the last substep of Step 1.
    sudo mkdir /mnt/efs
    sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport <Mount target IP address>:/ /mnt/efs
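
The inbound rule from Step 3 is the network control that decides which hosts can reach the mount target on port 2049, so it is worth auditing once the mount works. The following Python check is an added example, not part of the original post: it reads security group data in the shape returned by `aws ec2 describe-security-groups` and classifies every source that can reach NFS. The sample group, its ID and the 172.26.0.0/16 Lightsail CIDR are constructed placeholders; use the CIDR block you determined in Step 3.

```python
import ipaddress

NFS_PORT = 2049

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
         "IpRanges": [{"CidrIp": "172.26.0.0/16"}, {"CidrIp": "172.26.5.10/32"},
                      {"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def covers_nfs(perm):
    """True if this permission entry admits TCP port 2049."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                  # "-1" means all protocols and ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)

def audit_nfs_ingress(security_group, lightsail_cidr):
    """Return (source, verdict) for every source that can reach port 2049."""
    allowed = ipaddress.ip_network(lightsail_cidr)
    findings = []
    for perm in security_group.get("IpPermissions", []):
        if not covers_nfs(perm):
            continue
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if src.prefixlen == 0:
                verdict = "open-to-world"
            elif src.subnet_of(allowed):
                verdict = "ok"
            else:
                verdict = "outside-lightsail-vpc"
            findings.append((rng["CidrIp"], verdict))
        for rng in perm.get("Ipv6Ranges", []):  # the Lightsail CIDR here is IPv4
            findings.append((rng["CidrIpv6"], "outside-lightsail-vpc"))
        for pair in perm.get("UserIdGroupPairs", []):
            findings.append((pair["GroupId"], "review-group-reference"))
    return findings

if __name__ == "__main__":
    print(*audit_nfs_ingress(SAMPLE_SG, "172.26.0.0/16"), sep="\n")
```

Any verdict other than `ok` points at a rule to tighten or justify; a `/32` source for a single Lightsail instance, as suggested in Step 3, also reports `ok`.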