My Amazon Elastic File System (Amazon EFS) file system is available and correctly mounted on my Amazon Elastic Compute Cloud (Amazon EC2) instance. However, I can't write to it.
Resolution
If you can't write to your file system, then check for the following configurations:
- The mount option in the /etc/fstab file is set to read-only access.
- The associated AWS Identity and Access Management (IAM) policy indicates read-only access, or root access is turned off.
- The file system is a destination file system in a replication configuration.
Note: The resolution uses the Amazon EFS mount helper. The Amazon EFS mount helper is preinstalled on Amazon Linux. If you use another distribution, then see Installing the Amazon EFS client on other Linux distributions.
Verify that the mount options are correct in the /etc/fstab file
Complete the following steps:
-
To check the current mount options for the file system, run the following command:
$ mount -t nfs4
In the following example output, the variable ro indicates that the file system currently allows read-only access:
file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (ro,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.0.2.0,local_lock=none,addr=192.0.0.0)
-
Use the vi editing tool to change the mount parameter to rw (read/write permissions) in the /etc/fstab file:
file-system-id:/ efs-mount-point efs rw,_netdev 0 0
Note: Replace file-system-id with your file system ID.
-
To unmount and remount the file system, run the following command:
$ sudo mount -o remount,rw /efs -t efs && mount -t nfs4file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=190.0.2.0,local_lock=none,addr=190.0.2.0)
-
To verify that you can write to the file system, create or edit a file in the file system.
Verify that permissions are correctly set
Complete the following steps:
-
Open the Amazon EFS console.
Note: Make sure that you're in the same AWS Region as your Amazon EFS file system.
-
Select the file system that you want to check, and then choose View details.
-
On the File system policy tab, choose Edit.
-
If the following options are selected, then clear them:
Prevent root access by default
Enforce read-only access by default
-
Choose Set policy.
-
Choose Save policy.
-
To unmount the file system, run the following command:
$ sudo umount /efs
-
To apply the changes, run the following command:
$ sudo mount -t efs -o iam fs-file-system-id /efs
Note: Replace file-system-id with your file system ID.
-
To make the new mount persist after reboot, use the vi editing tool to add one of the following lines to the /etc/fstab file:
Mount with IAM authorization to an instance that has an instance profile:
file-system-id:/ efs-mount-point efs _netdev,iam 0 0
Mount with IAM authorization to a Linux instance that has a credentials file:
file-system-id:/ efs-mount-point efs _netdev,iam,awsprofile=namedprofile 0 0
Mount with an EFS access point:
file-system-id efs-mount-point efs _netdev,accesspoint=access-point-id 0 0
For more information, see Automatically mounting EFS file systems.
-
To verify that you can write to the file system, create or edit a file in the file system.
Check whether the file system is part of a replication configuration
EFS replication supports the replication of your data from a source file system to a destination file system within your AWS account across Regions. Destination file systems are read-only by default and allow you to write to the file system only after you delete the replication configuration.
To check whether the file system is part of a replication configuration, complete the following steps:
- Open the Amazon EFS console.
Note: Make sure that you're in the same Region as your Amazon EFS file system.
- Select the file system that you want to check, and then choose View details.
- Choose the Replication tab, and then check the file system's configuration.
- If the file system is a destination file system, then delete the file system's replication configuration.
Related information
New for Amazon EFS - IAM authorization and access points
Mounting EFS file systems from another AWS account or virtual private cloud (VPC)