EFS – Elastic File System
Today we’ll talk about EFS, some use cases, usability and some challenges I faced while using this service.
So, what is EFS? EFS stands for Elastic File System, a managed service provided by AWS. It is similar to NFS (Network File System), which you are probably already familiar with. EFS enables you to create and configure a shared file system without any provisioning, deploying, patching, or maintenance. EFS will automatically scale up or down as files are added or removed, and can burst to higher throughput if needed. By default, EFS provides high availability and durability (99.999999999 percent; that’s 11 9s!). You can connect EFS to numerous services such as EC2, ECS, EKS, Fargate, Lambda and local servers. We can talk all day about storage types and classes, backups and monitoring, but I want to get to the good stuff :-)

There are a couple of ways to connect your EFS, network wise:
The first and by far the easiest method is to mount it onto an EC2 when they both reside in the same VPC.

Mount command with NFS:
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-12a34b56c78d.efs.us-east-2.amazonaws.com:/ /mnt/efs_folder
You can also add it to /etc/fstab as a persistent mount point that will not change after restart. While testing NFS on EFS, I was not able to properly use the ‘nfs4_acl’ package, and encountered many issues with it.
If you want to allow other services that reside in different VPCs to connect to your EFS, you can use a peering connection or a transit gateway between two or more VPCs, or you can even go the distance and use an ALB, an NLB or a Service Endpoint (PrivateLink). The latter is a specialized use case; even AWS's awesome support was unsure whether it would work… We got it to work ;-)

When should you use peering versus transit gateway, you ask? Good question grasshopper, I am glad you asked. Peering is a single network connection that lets you route traffic between two different VPCs. Transit gateway is basically a “router in the clouds”. It easily connects your on-prem networks with those you have on AWS. If there comes a time when you have too many VPCs, peering or VPN connections to handle, then TGW is the better choice. It provides a single gateway for your network needs.
Transit Gateway connection diagram:

Service Endpoint connection diagram:

The mount command for the endpoint is as follows:
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport vpce-1a2345678b1234c1-ab12abcd.vpce-svc-112a3456b78910cd.us-east-2.vpce.amazonaws.com:/ /mnt/efs_folder
If you wish to use the /etc/fstab file, add this line:
vpce-1a2345678b1234c1-ab12abcd.vpce-svc-112a3456b78910cd.us-east-2.vpce.amazonaws.com:/ /mnt/efs_folder nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0
As you can see, we are not using the EFS ID or EFS DNS name when mounting, but the VPC Endpoint!
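The fstab entries above are easy to get subtly wrong when copied between hosts, so here is an added example (not code from the original post) that audits an fstab-format file and reports any EFS or VPC endpoint entry missing one of the mount options used in this post. The function name audit_efs_fstab, the /mnt/other mount point and the weakened second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit fstab-format files for
# EFS entries that lack any mount option used in this post's mount command.
REQUIRED_OPTS="nfsvers=4.1 rsize=1048576 wsize=1048576 hard timeo=600 retrans=2 noresvport"

# audit_efs_fstab FILE (hypothetical helper name)
# Prints "OK <mountpoint>" or "MISSING <mountpoint> <opt,opt,...>" for each
# nfs4 entry whose device is an EFS DNS name or a VPC endpoint name.
# Returns 1 if any entry is missing an option, 0 otherwise.
audit_efs_fstab() {
    status=0
    while read -r device mountpoint fstype options _rest || [ -n "$device" ]; do
        case $device in ''|'#'*) continue ;; esac      # blank line or comment
        [ "$fstype" = "nfs4" ] || continue
        case $device in
            *.efs.*.amazonaws.com:*|*.vpce.amazonaws.com:*) ;;
            *) continue ;;                              # some other NFS server
        esac
        missing=""
        for opt in $REQUIRED_OPTS; do
            case ",$options," in
                *",$opt,"*) ;;                          # exact option present
                *) missing="${missing:+$missing,}$opt" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "MISSING $mountpoint $missing"
            status=1
        else
            echo "OK $mountpoint"
        fi
    done < "$1"
    return "$status"
}

# Constructed sample input: the post's endpoint entry plus a weakened one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed fstab for the demo
vpce-1a2345678b1234c1-ab12abcd.vpce-svc-112a3456b78910cd.us-east-2.vpce.amazonaws.com:/ /mnt/efs_folder nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0
fs-12a34b56c78d.efs.us-east-2.amazonaws.com:/ /mnt/other nfs4 nfsvers=4.1,soft,timeo=600,retrans=2 0 0
EOF
audit_efs_fstab "$sample" || echo "review the MISSING entries above"
rm -f "$sample"
```

Call `audit_efs_fstab /etc/fstab` on a host to check its real entries; the non-zero return on a missing option lets it act as a gate in configuration management.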
After we had great fun building the infrastructure, we are now ready to configure the EFS. Let’s get cracking!
On the initial page, you will create the file system.
Insert the desired name and the location of your VPC:

Once created, you will be able to view and manage your file system size, monitoring, tags, EFS policy, access points and network.

Click Edit to perform some basic configuration, such as adjusting your backups, storage tier (A or IA), and throughput mode.