Read Only EFS for everyone except single ec2 instance

I have created an EFS file system that is read-only to all ec2 machines by default. I need to have an admin machine that has the ability to write new files to the EFS file system. I have created the IAM role, attached it to the admin ec2 instance, and changed the file system policy. However, when I ssh to the admin ec2 instance and attempt to write to the EFS file system, it still shows as read-only. Any thoughts on what the snag could be?

Thanks!

1 Answer

Hello.
Is the IAM policy of the EC2 to be written a policy that allows writing as follows?
Also, what is EFS's access policy?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientRootAccess"
            ],
            "Resource": "arn:aws:elasticfilesystem:region-id:[YourAccount]:file-system/fs-xxxxx"
        }
    ]
}

Also, make sure you are mounting using IAM authentication.
https://docs.aws.amazon.com/efs/latest/ug/mounting-IAM-option.html

EXPERT
answered 8 months ago
AWS
EXPERT
reviewed 8 months ago
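
Added example (not part of the original question or answer): a simplified Python model of how an EFS file system policy resolves for a client mounted without the `iam` option (anonymous principal) versus one mounted with `-o tls,iam` under the admin role. The role ARN and account ID are constructed placeholders, and the model assumes same-account access with Allow statements only (no Deny or Condition handling).

```python
# Simplified model (assumption): Allow statements only, same-account access.
# ADMIN_ROLE is a constructed placeholder, not a value from the page.
ADMIN_ROLE = "arn:aws:iam::111122223333:role/efs-admin"

# File system (resource) policy: any client may mount read-only,
# only the admin role is granted ClientWrite.
FS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["elasticfilesystem:ClientMount"]},
        {"Effect": "Allow", "Principal": {"AWS": ADMIN_ROLE},
         "Action": ["elasticfilesystem:ClientMount",
                    "elasticfilesystem:ClientWrite"]},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Principal and Action."""
    return value if isinstance(value, list) else [value]


def allowed_actions(fs_policy, principal_arn=None):
    """Return the client actions granted by the file system policy.

    principal_arn=None models a mount without the `iam` option: the client
    presents no identity, so only statements for Principal "*" match.
    """
    granted = set()
    for stmt in fs_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt["Principal"]
        arns = _as_list(principal["AWS"] if isinstance(principal, dict) else principal)
        if "*" in arns or (principal_arn is not None and principal_arn in arns):
            granted.update(_as_list(stmt["Action"]))
    return granted


def mount_mode(actions):
    """Map granted actions to what the NFS client observes."""
    if "elasticfilesystem:ClientMount" not in actions:
        return "denied"
    return "read-write" if "elasticfilesystem:ClientWrite" in actions else "read-only"


if __name__ == "__main__":
    print("no iam option :", mount_mode(allowed_actions(FS_POLICY)))
    print("iam, admin role:", mount_mode(allowed_actions(FS_POLICY, ADMIN_ROLE)))
```

With this policy shape, an instance that has the admin role attached but mounts without `iam` still resolves to read-only, because the role is never presented to EFS.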
