How to Easily Attach EFS to Your EC2 Instance

Welcome to my blog and thank you for stopping by. I hope my previous post has been helpful to you by means of guidance and education.

Today, I would be explaining how you can attach an EFS (Elastic File System) to your EC2 instance but before I delve into giving you the steps, let me briefly give an explanation of what EFS is.

This is an architectural design to explain the process for your understanding.

Amazon Elastic File System (Amazon EFS) is a file storage service that can be used with Amazon compute (Amazon EC2, Amazon ECS, Amazon EKS, AWS Lambda, and AWS Fargate, containers, serverless) and on-premises servers. It provides a file system interface, file system access and concurrently accessible storage for up to thousands of EC2 instances.

It is built to scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files which makes it highly scalable, highly available, and highly durable. You can share data without provisioning or managing storage capacity and performance and you can also create and configure file systems quickly and easily.

Amazon EFS offers the different file system types, performance and throughput modes to meet your availability and durability needs.

Amazon EFS supports the Network File System version 4 (NFSv4.1 and NFSv4.0) protocol.

Amazon EFS supports authentication, authorization, and encryption capabilities to help you meet your security and compliance requirements. Amazon EFS supports two forms of encryption for file systems: encryption in transit and encryption at rest. You can enable encryption at rest when creating an Amazon EFS file system. If you do, all of your data and metadata is encrypted. You can enable encryption in transit when you mount the file system.

Now that I have given a brief summary of what an Amazon EFS is and its attributes, let’s get started.

We would need to create the following resources on AWS to help us achieve what we want:

a. An AWS account

b. Amazon EFS

c. Multiple instances (I would be creating 2 instances)

d. Security Group

A. You need an AWS account to get started. This link would help you create an AWS account. https://signin.aws.amazon.com/signup?request_type=register. After creating an account, that account becomes the Root user. You can go ahead and create a user under the IAM.

If you already have an existing account, go to https://aws.amazon.com, and sign into the console.

B. CREATING THE AMAZON EFS

1. Type EFS in the search bar and click on it.

2. Click CREATE FILE SYSTEM

3. Name: Give a unique name for your EFS File System.

   Virtual Private Cloud: This is created automatically with the EFS.

After you have given the EFS a name, select Customize.

4. Under customize, there are 4 steps. You can leave Step 1 and 2 in its default state and move to Step 3.

5. Step 3 covers the policy options. I checked the encryption in-transit.

   Encryption in-transit is a process of protecting data while it is being transferred between two points in a network.

6. Select Create.

7. The EFS has be successfully created as shown in diagram below.

C. CREATING OUR EC2 INSTANCES

1. Type EC2 in the search bar and click on it.

   

2. Next, select Launch Instance.

3. Name: Give a unique name to your EC2 instance.

   Application and OS Images (AMI): Choose Amazon Linux.

4. Description: I left it as default

   Instance type: I chose t2 micro. You can choose any other instance type under the free tier eligible.

5. Key pair: I chose to create a key pair, but you can Proceed without key pair.

   If you choose Proceed without key pair, it takes you to the next stage.

   If you choose to create a key pair, the diagram attached shows you what to do.

6. Under Network settings, click Edit. The VPC that was automatically created by AWS for the EFS becomes the default VPC. Leave every part as default and move to Firewall (security groups).

   Select Create security group and give it a unique name. You can also give it a description by describing what the security group is for.

7. You can leave every other selection in their default state and proceed to Launch Instance.

8. At this point, the instance is successfully launched.

   Follow same steps and create the second instance.

   

9. After the second instance is successfully launched, this is what you would be having.

D. CONFIGURING THE RULES IN THE SECURITY GROUP

1. After the launching of instances, we need to edit the rules for the security group to enable the EC2 instances communicate with the EFS by allowing traffic from port 2049.

   For this to be effected, go to Network & Security and click Security Groups.

2. The security group tab shows you all the security groups created.

   Default was created for the EFS automatically while the EFS was being configured.

   SG_Machine1 was created when I was launching the first EC2 instance.

   SG_Machine2 was created when I was launching the second EC2 instance.

3. Select the default security group, and click Edit Inbound Rule.

4. Click Add Rule.

   Under Type, Click the drop-down arrow and select NFS. Also, select the security group created for that particular instance as shown in the diagram.

5. Repeat same process above for the second instance also. Make sure to select the correct security group for the instance.

   Next, select Save Rules.

6. The inbound rules on the default security group should look this way after editing.

E. MOUNTING THE EFS AND CONNECTING THE EC2 INSTANCES TO THE EFS

1. At this stage, I went back to my instance and selected one of my instances and clicked Connect.

2. I would be selecting SSH Client for my connection because I have a keypair which I generated for my connection.

   You can visit Quick Guide to Deploying a Linux EC2 Instance on AWS to see how you can connect to your EC2 instance by using keypair.

3. Below is a view of what you would see on your command prompt or terminal once the instance is connected.

4. I installed the Amazon EFS utilities using the command sudo dnf install -y amazon-efs-utils

   When installation is complete, you would see the information below

5. Next, let’s create a directory by using the command sudo mkdir (directory name). I named my directory efs.

6. a. Return to the EFS on your console, Click on Attach.

   

   6. b. Copy the mount command using the EFS mount helper.

7. 

   Return to your command prompt or terminal and paste the EFS mount helper command which you just copied. Run the command.

8. To confirm that you have successfully mounted the EFS, run the df -T command.

9. You can run the ls -l command to see the permissions on the file.

   As you can see in the diagram, the ownership of the efs directory is the root which does not give me the permission to execute any command as the user. For me to get the permission, I used sudo chown command.

   I typed sudo chown ec2-user efs/. You would see that the change of ownership was done immediately I ran the chown command.

   

   10. Type cd (directory name) to get into your directory.

       Next, you can create or put any type of files inside the directory. To create a file, use the touch command + filename. I created a file named Dragonfly and also dropped a WordPress document in the directory.

       Afterwards, I ran the ls command to confirm the files I have in my directory as seen below.

       

       

   11. Now, let’s connect the second instance and see if we can view the same files in the directory that has been mounted on the EFS by the first EC2 instance.

   12. Type the same commands as you did when you connected the previous EC2 instance.

       • sudo dnf install -y amazon-efs-utils

       • make directory (give it the same name as the one in the previous EC2 instance).

       • sudo mount (using the EFS mount finder)

       • df -T

         From the diagram below, you would notice the EFS has been mounted.

13. Enter your directory by using cd command

    • cd (directory name)

      When you are in the directory, type the ls command to give you a list of the files in the directory. Remember you don’t need to create any file in this instance anymore. Since you have successfully mounted the EFS on the second instance, you would be able to see whatever files has been saved in the EFS.

14. Notice how Instance 2 can see the same files that Instance 1 created and saved on the EFS.

    

    

    I hope I have been able to help someone out through the process and believe that you enjoyed putting the process together to achieve your result.

Thank you for stopping by and look forward to dropping another piece for your enlightenment.

Kindly drop a comment, like and share.