Amazon EFS - research-technologies/hull_provisioning GitHub Wiki

Create an EC2 instance

Create an EFS file system

• Did not choose Enable encryption of data at rest

You have created a file system. You can mount your file system from an EC2 instance with an NFSv4.1 client installed. You can also mount your file system from an on-premises server over an AWS Direct Connect connection. Click here for EC2 mount instructions, and here for on-premises mount instructions.

Ensure the EFS and EC2 are in the same security group. If not add the EFS security group to the EC2 instance

EC2 security groups: launch-wizard-1, default
EFS security groups: All the mount targets belong to the security group sg-6567441f - default

Install the amazon-efs-utils package, which has the Amazon EFS mount helper in the EC2 instance
a. Install on Ubuntu

cd ~
git clone https://github.com/aws/efs-utils
make --help #to test make is available
sudo apt-get -y install binutils
cd efs-utils/
ls -l
./build-deb.sh
ls -l build # Ensure deb package is available
sudo apt-get -y install ./build/amazon-efs-utils*deb

b. Install on Centos 7 or greater

sudo yum install -y amazon-efs-utils

Upgrade Stunnel on Centos

sudo yum install -y gcc openssl-devel tcp_wrappers-devel
curl -o stunnel-5.48.tar.gz https://www.stunnel.org/downloads/stunnel-5.48.tar.gz
tar xvfz stunnel-5.48.tar.gz
cd stunnel-5.48/
sudo ./configure
sudo make
sudo rm /bin/stunnel
sudo make install
sudo ln -s /usr/local/bin/stunnel /bin/stunnel

Mount the EFS filesystem

sudo mkdir /mnt/efs
sudo chown -R ubuntu:ubuntu /mnt/efs
sudo mount -t efs fs-8506984c:/ /mnt/efs/

If the mount is working, unmount it and try with secure tunnel for encryption during transit

sudo umount /mnt/efs
sudo mount -t efs -o tls fs-8506984c:/ /mnt/efs/

Update fstab to mount EFS automatically Open the file /etc/fstab file in an editor

sudo vim /etc/fstab

Add the following line to the /etc/fstab file

fs-8506984c:/ /mnt/efs efs tls,_netdev 0 0

Save the changes to the file.