Read Only EFS for everyone except single ec2 instance

Question

I have created an EFS file system that is read-only to all ec2 machines by default. I need to have an admin machine that has the ability to write new files to the EFS file system. I have created the IAM role, attached it to the admin ec2 instance, and changed the file system policy. However, when I ssh to the admin ec2 instance and attempt to write to the EFS file system, it still shows as read-only. Any thoughts on what the snag could be?

Thanks!

Answer

Hello.  
Is the IAM policy of the EC2 to be written a policy that allows writing as follows?  
Also, what is EFS's access policy?  
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientRootAccess"
            ],
            "Resource": "arn:aws:elasticfilesystem:region-id:[YourAccount]:file-system/fs-xxxxx"
        }
    ]
}
```

Also, make sure you are mounting using IAM authentication.  
https://docs.aws.amazon.com/efs/latest/ug/mounting-IAM-option.html

Read Only EFS for everyone except single ec2 instance

相關內容