Mounting EFS file systems using the EFS mount helper
After you install the Amazon EFS client (amazon-efs-utils), you can use
the EFS mount helper to mount EFS file systems on your EC2 Linux and Mac instances running a
supported distribution.
Note
Amazon EFS does not support mounting from Amazon EC2 Windows instances.
When mounting a file system, the mount helper defines a new network file system type, called efs, which is
fully compatible with the standard mount command in Linux. The mount helper also
supports mounting an Amazon EFS file system at instance boot time automatically by using entries in
the /etc/fstab configuration file on EC2 Linux instances.
Warning
Use the _netdev option, used to identify network file systems, when mounting
your file system automatically. If _netdev is missing, your EC2 instance might
stop responding. This result is because network file systems need to be initialized after the
compute instance starts its networking. For more information, see Automatic mounting fails and the instance is
unresponsive.
You can mount a file system by specifying one of the following properties:
File system DNS name – If you use the file system DNS name, and the mount helper cannot resolve it, for example when you are mounting a file system in a different VPC, it will fall back to using the mount target IP address. For more information, see Mounting EFS file systems from another AWS account or VPC.
File system ID – If you use the file system ID, the mount helper resolves it to the local IP address of the mount target elastic network interface (ENI) without calling external resources.
Mount target IP address – You can use the IP address of one of the file systems mount targets.
You can find the value for all of these properties in the Amazon EFS console. The file system DNS name is found in the Attach screen.
When encryption of data in transit is declared as a mount option for your Amazon EFS file
system, the mount helper initializes a client stunnel process, and a
supervisor process called amazon-efs-mount-watchdog. The
amazon-efs-mount-watchdog process monitors the health of TLS mounts, and is
started automatically the first time an EFS file system is mounted over TLS. If
your client is running on Linux, this process is managed by either
upstart or systemd depending on your Linux
distribution. For clients running on a supported macOS, it is managed by
launchd.
Stunnel is an open-source multipurpose network relay. The client stunnel process listens
on a local port for inbound traffic, and the mount helper redirects NFS client traffic to this local port.
The mount helper uses TLS version 1.2 to communicate with your file system. Using TLS requires certificates, and these certificates are signed by a trusted Amazon Certificate Authority. For more information on how encryption works, see Encrypting data in Amazon EFS.
Topics
- Mount settings used by EFS mount helper
- Getting support logs
- Prerequisites for using the EFS mount helper
- Mounting on Amazon EC2 Linux instances using the EFS mount helper
- Mounting on Amazon EC2 Mac instances using the EFS mount helper
- Mounting EFS file systems from a different AWS Region
- Mounting One Zone file systems
- Mounting with IAM authorization
- Mounting with EFS access points
- Mounting EFS to multiple EC2 instances
- Mounting EFS file systems from another AWS account or VPC
