Kloudle
academy

How to set up EFS and use with multiple instances in different VPCs

Riyaz Walikar
#aws #cloudsecurity #efs #vpc

Introduction

In our academy article - AWS EBS vs S3 vs EFS, we introduced the three storage services provided by AWS. We have already covered S3 and EBS services in our last two academy articles and now let’s dive into AWS EFS in this one!

EFS (Amazon Elastic File System) is a file-based storage service from AWS. EFS provides a simple, serverless, set-and-forget elastic file system: it grows and shrinks automatically as files are added and removed. Many instances, whether on AWS or on-premises, can mount the same file system, which gives you persistent storage and secure sharing of data.

In this article we will not only cover how to set up an EFS, but we’ll also see how you can access EFS from instances in a different VPC.

Creating an EFS file system

  1. Log in to your AWS account ( https://aws.amazon.com/console/ )

  2. Open the Elastic File System console

    Elastic File System console

  3. Once the Elastic File System console opens select “Create File System”

    Create File System

  4. The Create File System dialog opens. Give your file system a name

    Create File System name

  5. Select the VPC in which you want to create the EFS

    EFS VPC

  6. Select the type of storage class you want for your EFS

    EFS One Zone: One Zone storage classes store file system data and metadata redundantly within a single Availability Zone, which makes them less expensive than Standard storage classes. For this option we also have to select the Availability Zone in which the EFS will live.

    EFS One Zone

    EFS Standard: Standard storage classes store file system data and metadata redundantly across all Availability Zones within an AWS Region

    EFS Standard

  7. Click on “Create” and the EFS file system will be created successfully

    EFS Create

Access EFS from a different VPC

In this section, we will create an EC2 instance with Ubuntu as the OS in a VPC that is different from the one in which the EFS was created. We will use the EFS mount helper, which is part of the amazon-efs-utils set of tools.

  1. Create an EC2 Instance in a VPC different from where we created EFS in the previous section

  2. SSH into the EC2 instance created in the first step

  3. Give appropriate EC2 and EFS permissions to the role attached to this EC2 Instance

  4. Install amazon-efs-utils once you have SSH'd into the EC2 instance. Follow the commands below to build and install the tool from source:

     ```bash
     sudo apt-get update
     sudo apt-get -y install git binutils
     git clone https://github.com/aws/efs-utils
     cd /path/efs-utils   # /path is the directory you cloned the repository into
     ./build-deb.sh
     sudo apt-get -y install ./build/amazon-efs-utils*deb
     ```
  5. To be able to access EFS from a different VPC, we will need to create a VPC peering connection between the VPC in which EC2 Instance is created and the VPC in which EFS is created. You can follow the AWS documentation for VPC peering within the same account https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#create-vpc-peering-connection-local

  6. Now we need to determine the Availability Zone ID of the EC2 instance. After connecting to your instance, run the following command; the ZoneId field in the output is the value we need in the next step.

    aws ec2 describe-availability-zones --zone-names $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
  7. After this, run the command below and look for the mount target whose AvailabilityZoneId matches the ZoneId from the previous step

    aws efs describe-mount-targets --file-system-id <file_system_id>
  8. From the output of the above command, note the IpAddress and add a line for the mount target IP address to the EC2 instance’s /etc/hosts file using the below command:

    echo "<mount-target-IP-Address> <file-system-ID>.efs.<region>.amazonaws.com" | sudo tee -a /etc/hosts
  9. Add rules to the VPC security groups for the EC2 instance and the EFS mount target to allow access to the EFS file system. You can refer to the following documentation: https://docs.aws.amazon.com/efs/latest/ug/network-access.html

  10. Mounting the file system

    1. Create a directory in your EC2 Instance using the following command:

      sudo mkdir /mnt/efs/
    2. Now mount the file system using IAM authorization

      sudo mount -t efs -o tls,iam <file-system-id> /mnt/efs/

      After running the above command you will have successfully mounted the EFS file system and can access its data from an instance in a different VPC

    This way you can create multiple instances in different VPCs and mount the EFS file system to those instances.
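The zone-ID lookup, mount-target selection and /etc/hosts steps above, automated as one POSIX shell script. This is an added example, not code from the article or from amazon-efs-utils; it assumes the AWS CLI, curl and amazon-efs-utils are installed, that the instance role may call ec2:DescribeAvailabilityZones and efs:DescribeMountTargets, and that the file system ID is passed as the script's only argument.

```shell
#!/bin/sh
# Added example (not from the original article): pick the EFS mount target
# in the same Availability Zone ID as this instance, write the /etc/hosts
# entry the article describes, and mount with TLS and IAM authorization.
set -eu

# pick_mount_target ZONE_ID  (reads tab-separated "AvailabilityZoneId LifeCycleState IpAddress"
# lines, as produced by the --query/--output text call in main, on stdin).
# Prints the IP of the first *available* mount target in ZONE_ID; exits 1 if none.
# A mount target in another AZ cannot be used across the peering connection.
pick_mount_target() {
  awk -v zone="$1" '$1 == zone && $2 == "available" { print $3; found = 1; exit }
                    END { if (!found) exit 1 }'
}

# hosts_entry IP FS_ID REGION -> the line to append to /etc/hosts
hosts_entry() {
  printf '%s %s.efs.%s.amazonaws.com\n' "$1" "$2" "$3"
}

main() {
  fs_id="$1"   # e.g. fs-0123456789abcdef0 (placeholder; use your own file system ID)
  imds=http://169.254.169.254/latest/meta-data
  region=$(curl -s "$imds/placement/region")
  az_name=$(curl -s "$imds/placement/availability-zone")
  # AZ *names* are shuffled per account; mount targets are matched on the stable zone ID.
  zone_id=$(aws ec2 describe-availability-zones --region "$region" \
              --zone-names "$az_name" --query 'AvailabilityZones[0].ZoneId' --output text)
  ip=$(aws efs describe-mount-targets --region "$region" --file-system-id "$fs_id" \
         --query 'MountTargets[].[AvailabilityZoneId,LifeCycleState,IpAddress]' --output text \
       | pick_mount_target "$zone_id") \
    || { echo "no available mount target in $zone_id; create one in that AZ first" >&2; exit 1; }
  hosts_entry "$ip" "$fs_id" "$region" | sudo tee -a /etc/hosts >/dev/null
  sudo mkdir -p /mnt/efs
  sudo mount -t efs -o tls,iam "$fs_id" /mnt/efs
}

# Run only when invoked with a file system ID, so the functions can also be sourced.
if [ "$#" -eq 1 ]; then
  main "$1"
fi
```

The security-group rules from step 9 must already be in place; the script only automates the lookup and mount, and it stops rather than guessing when no mount target exists in the instance's zone.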

Conclusion

EFS provides persistent storage and behaves much like the Network Attached Storage (NAS) we are used to. This article provided a step-by-step walkthrough of how to create an EFS file system and how to access it from EC2 instances in a different VPC.
