TLS for EFS mounts in 2 different regions on a single instance

Question

There seems to be a limitation on the helper in amazon-efs-utils that configures stunnel for EFS for you.  It doesn't appear as though it supports 2 different regions simultaneously so that it is not possible to mount two different EFS stores using TLS in two different regions on the same EC2 instance.   It appears as though the config file at /etc/amazon/efs/amazon-efs-utils.conf is only configurable for a single region Is that right? Is there a workaround for it?  Do I have to manually configure stunnel for it to work?  
  
Edited by: proca on Feb 17, 2019 9:39 PM

Answer

Ok - just FYI for your roadmap, the reason I am trying to do this is cross-region backup for EFS.  Its basically a custom implementation of AWS's recommended approach by using cloudformation to do cross-region EFS backups where it spins up an EC2 instance and copies between the EFS stores.  
  
So you are saying that I am going to have to configure stunnel myself to get this working.  I'll take a look at that github repo to see how hard it would be to add support for my use case first.  Thanks for the info.

Answer

The EFS mount helper currently supports mounting EFS file systems located in the same region as your EC2 instance.  Mounting file systems in other regions is not currently supported by the mount helper - please note that you are responsible for network charges when mounting EFS file systems across AWS regions.  
  
Thanks for the feedback - we'll consider it as part of our roadmap.  In the meanwhile, the mount helper is open-source (https://github.com/aws/efs-utils) if you'd like to submit a pull request to enable this functionality.  The area of the code that defines region lookup is found here: https://github.com/aws/efs-utils/blob/master/src/mount_efs/__init__.py#L119  
  
Edited by: JoeTatAWS on Feb 18, 2019 12:15 PM

TLS for EFS mounts in 2 different regions on a single instance

Relevant content