15

I am trying to mount AWS EFS to my local MacBook (also other local computers) However, it is not working.

My port 22 and 2049 is wide open as a testing.

I tried few command like mount -t nfs4 -o nfservers=4.1 xxx.xxx.xxx.xxx:/ efs/

But I am keep getting a connection timed out error.

Also I tried mounting this EFS to another AWS account EC2 instances. But keep getting same error.

For example, I have EFS in Account1 and EC2 in Account2 (Different VPC) and trying:

sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 xxx.xxx.xxx.xxx:/ /efs/

It is not working unless I have my EC2 in the same account (which is account1).

Is there a way I can mount this EFS in different account or local computers?

TylerH
  • 20,799
  • 66
  • 75
  • 101
anniepark90
  • 151
  • 1
  • 1
  • 3
  • 5
    There's excellent answer here: http://serverfault.com/questions/799016/elastic-file-system-efs-mount-outside-of-aws – Michal Gasek Dec 07 '16 at 20:43
  • 1
    Maybe it's worth adding that AWS has recently announced support for mounting EFS volumes external to AWS via DirectConnect. – Michal Gasek Dec 07 '16 at 20:50
  • @MichalGasek I guess there is no official way as of now? I don't think my company will let me to proxy thing.. – anniepark90 Dec 07 '16 at 21:01
  • It is officially unsuported. The "proxy thing" is doable on a $5/month t2.nano instance (I have two of them, they work perfectly for this) so I'm not sure why you would have a problem doing that. Assuming you have an existing tunnel or VPC peering and the proxy is inside the VPC, there is no reason for the solution to pose a security risk. Then again, you didn't actually mention that you had peered the VPCs. I have not tested whether EFS can cross a peering connection without the proxy, but for sure, traffic can't cross VPC boundaries without one. (Thanks for sharing the link, @MichalGasek). – Michael - sqlbot Dec 08 '16 at 00:16
  • @Michael-sqlbot I will try that as a testing. However, I am almost 100percent sure that our information security team will not allow that at all.. – anniepark90 Dec 08 '16 at 16:37
  • See https://aws.amazon.com/about-aws/whats-new/2016/12/on-premises-access-to-amazon-efs-via-aws-direct-connect-available-in-us-east-n-virginia-region/. Access to EFS via direct connect is now officially supported in IAD. – user1071840 Mar 09 '17 at 06:59
  • I recently come up with the following - https://erudinsky.com/2017/08/30/aws-efs-windows. In case of mac you just deal with smb://your-re-exported-share, but the concept is the same. – evgeny Sep 24 '17 at 16:42

3 Answers3

11

For those who are curious, try

sudo mount -t nfs -o vers=4,tcp,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 -w host_ip:/ efs

worked for me via direct connect.

capitalg
  • 593
  • 2
  • 9
  • 18
  • I am getting `No such file or directory` even though I can `ls` and see that my local path indeed exists. Do I need to install `amazon-efs-utils`? – barakbd May 01 '20 at 07:10
  • some for me. Are you on mac ? Did try while being connected via Vpn Client Endpoint – Logemann Jun 19 '20 at 13:57
5

What worked for me was to mount it to an EC2 ("on-premises"), give myself SSH access to that server, and then use sshfs to access it.

sshfs -o allow_other,IdentityFile={YOUR_SSH_KEY} {REMOTE_USERNAME}@{YOUR_URL}:/{YOUR}/{FOLDER}/{ON_REMOTE} /{YOUR}/{LOCAL}/{FOLDER}
blisstdev
  • 633
  • 4
  • 13
0
sudo mount -t nfs -o vers=4,tcp,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 -w host_ip:/ efs

I have tried using the AWS Client connect VPN i.e. P2S VPN. it worked for me as well. With the latest changes now the EFS can be connected from your local machine using AWS VPN.

To access EFS file systems from on-premises, you must have an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC.

juco
  • 6,331
  • 3
  • 25
  • 42
chandra
  • 111
  • 1
  • 1
  • 8