Why can't EFS be associated with an Elastic IP?
I want to be able to mount EFS outside my VPC. However, when I try to assign a static Elastic IP to the network interface of EFS, I get the following error:
Failed to associate address with eni-0fa8cf69d68b7bb01: You do not have permission to access the specified resource.
I don't think that I "do not have permission" because I'm the owner of the account and I have the AdministratorAccess IAM policy.
Why is that error appearing? Is there a way to make EFS publicly accessible?
- Newest
- Most votes
- Most comments
Associating an Elastic IP (or Public IP) with EFS isn't supported. And besides, I don't think that associating an Elastic IP with EFS is a good idea from a security perspective. That makes EFS public accessible (something that you point out in your question).
What are you trying to do? Why make EFS public at all?
Relevant content
- asked a year ago
- asked 3 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 8 months ago
Yep, I understand the consequences of making EFS public. What I want to do is to be able to mount EFS on my own Windows machine (via WSL), just for ease of use.
That's currently only possible via SSH tunneling through a jump server, which makes it impossible to use access points, because the
efsmount helper doesn't quite work out. I asked a separate question, where I lay out the entire problem.Ideally, I'd be able to associate an EIP with EFS, then only allow traffic from my own IP in the NACLs.
Normally, I'd suggest Client VPN for this because it's probably easier than running your own jump host.
It would be a lot more expensive, though. Looking at the Client VPN pricing page, it would start at around $72/month. Would it allow me to use EFS access points through the EFS helper? As I've explained in my other question, I ran into problems when trying to do that over a jump host.