5.62 EFS-AWS

In this lab we create an Amazon Elastic File System (EFS) and mount it on two EC2 instances in different AZs. Open the EFS console and click Create file system. Set a name, optional automatic backup, and an optional lifecycle policy (e.g. files not used for 7 days move to EFS IA for cheaper storage). Pick General Purpose performance mode for normal web workloads, or Max I/O for big data. Throughput stays on the default Bursting mode.

Network and security

  • Encryption at rest is enabled (KMS managed).
  • EFS exposes one mount target per availability zone, in the default VPC.
  • Create a dedicated security group my-efs-sg that allows inbound TCP on port 2049 (NFS) from the EC2 security group only.
  • Attach my-efs-sg to all the EFS mount targets (one per AZ).
  • Skip the file-system policy step and finish creating the EFS.
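The rule on my-efs-sg is the only network control in front of the file system, so it is worth checking after the console steps. The following is an added example, not part of the original lab: it audits security-group JSON in the shape returned by `aws ec2 describe-security-groups` and reports any rule that is not "TCP 2049 from the EC2 security group only". The group IDs and the sample data are constructed placeholders.

```python
import json

NFS_PORT = 2049

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not values from the lab.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-efs-good", "GroupName": "my-efs-sg", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [],
   "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-ec2-example"}]}]},
 {"GroupId": "sg-efs-open", "GroupName": "my-efs-sg-open", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
]}
""")


def covers_nfs(perm):
    """True if the rule's protocol and port range include TCP 2049."""
    if perm.get("IpProtocol") == "-1":  # all protocols and ports
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return perm.get("IpProtocol") in ("tcp", "6") and lo is not None and lo <= NFS_PORT <= hi


def audit_efs_sg(group, ec2_sg_id):
    """Return findings; an empty list means only the EC2 group reaches TCP 2049."""
    findings, nfs_from_ec2 = [], False
    for perm in group.get("IpPermissions", []):
        rule = f'{perm.get("IpProtocol")}/{perm.get("FromPort")}-{perm.get("ToPort")}'
        if not (perm.get("IpProtocol") in ("tcp", "6")
                and perm.get("FromPort") == perm.get("ToPort") == NFS_PORT):
            findings.append(f"{rule}: not limited to TCP {NFS_PORT}")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == ec2_sg_id:
                nfs_from_ec2 = nfs_from_ec2 or covers_nfs(perm)
            else:
                sources.append(pair.get("GroupId"))
        findings += [f"{rule}: source {s} is not the EC2 security group" for s in sources]
    if not nfs_from_ec2:
        findings.append(f"no TCP {NFS_PORT} rule from {ec2_sg_id}: mounts will time out")
    return findings
```

To run it against a real account, replace SAMPLE with the saved JSON output for the EFS group and pass the ID of the EC2 security group as ec2_sg_id.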

Launch two EC2 instances (Amazon Linux 2, t2.micro) in different AZs, both attached to the EC2 security group. SSH into each instance and install the EFS utilities with the command suggested in the AWS docs — typically sudo yum install -y amazon-efs-utils. Then run the mount command displayed in the EFS console; without the proper security-group rule on port 2049, the first attempt times out. Once the rule is in place, the mount succeeds.

On both instances, create a directory like /mnt/efs and mount the EFS into it. Now write a file from instance 1 (e.g. echo hello > /mnt/efs/test.txt) — it appears instantly on instance 2 in the same directory. You have a shared filesystem across two AZs. When done, remove the EFS first (otherwise instances cannot terminate while attached), then terminate the EC2 instances to clean up resources.

Summary

This lesson demonstrates how to create and configure an AWS Elastic File System (EFS) through the AWS console. Participants learn to set up EFS with automatic backup policies, lifecycle management, and performance configurations across multiple availability zones. The lesson covers creating security groups, launching EC2 instances in different zones, and mounting the EFS volume using DNS or IP address methods.

Key points

  • EFS creation includes configurable automatic backups and lifecycle policies to move infrequently accessed files to cheaper storage tiers after 7 days
  • Performance modes (General Purpose for standard web services, Max I/O for intensive workloads) and throughput modes (Bursting or Provisioned) control EFS capacity and performance
  • A security group must be created and applied to the mount target in each availability zone (us-west-1a, 1b, 1c), allowing inbound NFS (TCP 2049) from the EC2 security group; SSH access is used to log in to the EC2 instances and run the mount
  • Multiple EC2 instances launched across different availability zones can share the same EFS volume, requiring proper DNS or IP address configuration
  • EFS utilities must be installed on EC2 instances before mounting the file system
  • Billing is based only on actual data stored (e.g., 6 KB used = pay for 6 KB), with costs increasing proportionally as data grows

FAQ

What are the different performance modes available for EFS?

General Purpose mode handles typical web services with standard performance, while Max I/O mode supports heavy workloads with intense data processing requiring maximum throughput and I/O performance.

How do you attach and mount an EFS volume to EC2 instances?

Create instances across multiple availability zones, install EFS utilities on each instance, then mount the volume using either the DNS endpoint or IP address method provided by AWS.

What is the benefit of EFS lifecycle policies?

Lifecycle policies automatically move files that have not been accessed for 7 days to cheaper storage tiers, reducing overall storage costs while maintaining accessibility.