Mount EFS from different VPC

0

Based on recommendations from AWS I have created a VPC for each one of my customers (same region, same availability zone and same CIDRs). Within each VPC I create an EFS file systems. Everything works fine for the various EFS and I can mount them on instances launched within the same VPC.

For management purposes (creating initial folders) and to transfer files I need to mount these EFSs on an instance launched from my main VPC. I tried to follow the instructions here to create a peering connection, but I am unable to do this because the two VPCs have overlapping CIDRs. Based on the same walkthrough, the same prerequisite is required for the transit gateway.

Is there an alternative approach? I am not a network expert, so please bear with me. If I have to use different CIDRs for different VPCs, would I not run out of addresses at some point?

asked a year ago, 1359 views
3 Answers
1
Accepted Answer

If you have VPCs (or networks in general) with overlapping IP ranges, my strongest recommendation in this situation is to use non-overlapping IP ranges. See this blog post for other alternatives, but using different IP ranges is by far the cheapest and (despite appearances) the easiest.

When you create a VPC you get to choose how large the IP range for that VPC is. The default /16 (subnet mask: 255.255.0.0) range gives you 65,000 (give or take a few) IP addresses in your VPC. You probably don't need that many. Which means by creating a VPC with a smaller IP range you can have thousands of VPCs before you run out of IP addresses.

AWS EXPERT, answered a year ago
AWS EXPERT, reviewed a year ago
1

It's possible to cope with overlapping CIDRs but it adds complexity. By far the best approach is to avoid overlaps if it's not too late.

Would you run out of addresses? You can fit a lot of VPCs in the RFC 1918 ranges. For example, in 10.0.0.0/8 you can fit 4096 /20 VPCs, and you can make VPCs as small as /28 if that is workable for you, with room for over a million of those.

If that's not enough, EFS doesn't support IPv6 yet but when it does you could consider IPv6-only VPCs - you'll never run out of addresses for those!

A workaround for comms between VPCs with overlapping CIDRs adds complexity as I said. Basically you NAT the addresses, for example:

  • Each VPC has a secondary address block, and these don't overlap.
  • Secondary subnets on the server side contain an ALB front-ending the app.
  • Secondary subnets on the client side contain NAT GWs. Note that the VPC needs an IGW as a prerequisite for NAT GW even if you're not using it for internet traffic.
  • Attach the VPCs to TGW with static routes, no propagation, so you only have routes for the non-overlapping secondary CIDRs.
EXPERT, answered a year ago
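The two answers above both come down to arithmetic on CIDR blocks: detect which VPCs overlap (the condition that blocks peering and transit gateway), count how many VPCs of a given size fit in an RFC 1918 range, and carve out non-overlapping blocks for new customer VPCs while skipping ranges already in use. The script below is an added example, not code from the question or from either answerer; the VPC names and CIDRs in it are constructed sample data, and it uses only the Python standard library `ipaddress` module.

```python
import ipaddress

# RFC 1918 private ranges, the address space AWS VPCs are normally carved from.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def overlapping_pairs(vpcs):
    """Return every (name_a, name_b) pair whose CIDRs overlap.

    VPC peering and transit gateway route tables both require non-overlapping
    CIDRs, so any pair returned here cannot be connected without NAT.
    """
    items = [(name, ipaddress.ip_network(cidr)) for name, cidr in vpcs.items()]
    pairs = []
    for i, (a_name, a_net) in enumerate(items):
        for b_name, b_net in items[i + 1:]:
            if a_net.overlaps(b_net):
                pairs.append((a_name, b_name))
    return pairs


def vpc_capacity(parent, prefix):
    """Number of /prefix blocks that fit in `parent` (e.g. /20 VPCs in 10.0.0.0/8)."""
    parent_net = ipaddress.ip_network(parent)
    if prefix < parent_net.prefixlen:
        raise ValueError("requested prefix is larger than the parent range")
    return 2 ** (prefix - parent_net.prefixlen)


def addresses_in(cidr):
    """Total addresses in a CIDR block (a /16 is 65,536, matching the 'give or take' above)."""
    return ipaddress.ip_network(cidr).num_addresses


def allocate(parent, prefix, count, reserved=()):
    """Carve `count` non-overlapping /prefix blocks out of `parent`.

    Blocks that overlap anything in `reserved` (existing VPCs, on-prem ranges)
    are skipped, so the result is safe to peer with everything already listed.
    """
    reserved_nets = [ipaddress.ip_network(r) for r in reserved]
    out = []
    for sub in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
        if any(sub.overlaps(r) for r in reserved_nets):
            continue
        out.append(str(sub))
        if len(out) == count:
            break
    if len(out) < count:
        raise ValueError("parent range exhausted before %d blocks were found" % count)
    return out


if __name__ == "__main__":
    # Constructed sample: a main VPC and two customer VPCs, one of which was
    # created with the same CIDR as the main VPC (the situation in the question).
    vpcs = {"main": "10.0.0.0/16", "customer-a": "10.0.0.0/16", "customer-b": "10.1.0.0/16"}
    print("overlapping:", overlapping_pairs(vpcs))
    print("/20 VPCs in 10.0.0.0/8:", vpc_capacity("10.0.0.0/8", 20))
    print("/28 VPCs in 10.0.0.0/8:", vpc_capacity("10.0.0.0/8", 28))
    # Pick three fresh /20 blocks that do not collide with the existing VPCs.
    print("next customer VPCs:", allocate("10.0.0.0/8", 20, 3, reserved=vpcs.values()))
```

Running it on the sample data flags `main` and `customer-a` as the pair that cannot be peered, reproduces the 4096 (/20) and 1,048,576 (/28) figures from the answer above, and hands back `10.2.0.0/20`, `10.2.16.0/20` and `10.2.32.0/20` as the first blocks that avoid every existing VPC. The same `allocate` call, with on-premises or partner ranges added to `reserved`, is the check worth running before each new customer VPC is created rather than after peering fails.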
0

To mount an Amazon Elastic File System (EFS) from a different Virtual Private Cloud (VPC), you will need to set up a VPC peering connection between the two VPCs. Once the peering connection is established, you can mount the EFS file system in the target VPC by specifying its file system ID and the DNS name of the mount target in the other VPC. You may also need to configure the security groups and network access control lists for the mount target and the instances in the target VPC to allow access to the EFS file system.

Bala, answered a year ago
