EFS mount timing out

0

I have two EC2 instances running Ubuntu 18.04 LTS in separate availability zones. Each has its own elastic IP assigned to it. They share the same security group. This security group basically allows inbound traffic on ports 22, 80 and 443 from 0.0.0.0/0 and all ports and all protocols from the three subnets corresponding to the three availability zones in my region. Outbound traffic is wide open. I've created an EFS in the same region. It uses the default security group which allows all ports and all protocols inbound and outbound. I've tried mounting via DNS using the EFS helper and NFS client and also via IP. All attempts timeout. I can ping my gateway. My instances can ping each other. I cannot ping any of the mount target IPs (one for each AZ).

Thank you in advance for any help you can provide.

1 Answer
0
Accepted Answer

Based on the information provided, it appears that the main issue preventing your EFS from mounting is likely related to security group configurations. Here are some steps to troubleshoot and resolve the problem:

  1. Security Group Configuration: Although you've allowed inbound traffic on ports 22, 80, and 443, and all traffic between the subnets, EFS requires specific port access. Ensure that your EC2 instances' security group allows inbound and outbound traffic on port 2049 (NFS) from the EFS mount targets' security group.

  2. EFS Security Group: The default security group for your EFS allowing all traffic may not be sufficient. Create a new security group for EFS that explicitly allows inbound NFS traffic (TCP port 2049) from your EC2 instances' security group.

  3. Network ACLs: Check if there are any Network ACLs in place that might be blocking the necessary traffic between your EC2 instances and EFS mount targets.

  4. VPC DNS Settings: Ensure that DNS hostnames and DNS resolution are enabled in your VPC settings. This is crucial for DNS-based mounting.

  5. Mount Command: When using the EFS mount helper, make sure to include the '_netdev' option in your mount command. This ensures that the network file system is initialized after the instance's networking starts. For example:

    sudo mount -t efs -o tls,_netdev fs-xxxxxxxx:/ /mnt/efs

  6. IAM Permissions: If you're using IAM authorization for EFS, verify that your EC2 instances have the necessary IAM permissions to access the EFS file system.

  7. Connectivity Test: Since you can't ping the mount target IPs, there might be a network connectivity issue. Try using 'telnet' to test connectivity to the EFS mount target on port 2049.

If these steps don't resolve the issue, you may need to review your VPC configuration, ensure that your EC2 instances and EFS are in the same VPC, and double-check that the mount target IPs are correct for your EFS file system.
Sources
Troubleshooting mount issues - Amazon Elastic File System
Mounting EFS file systems using the EFS mount helper - Amazon Elastic File System
Having trouble mounting an EFS to an EC2 instance | AWS re:Post

profile picture
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions