Can't mount efs filesystem on ec2 instances following AWS Solutions Architect Associate demo

Cloud AWS
#1

Hi Rob and co,
I’m following the EFS-Demo lecture under “Service - Storage” section of the " AWS Solutions Architect Associate " course.

I have the following setup:

1 VPC

EFS-VPC-with-subnets-IGW
EFS-VPC-with-subnets-IGW2315×1386 261 KB

2 subnets
1 route table for each subnet, routing traffic to IGW below
1 internet gateway

1 security group (Allows ssh port 22, NFS port 2049, All traffic on All protocol just to cover everything)

EFS-SECGrp-Pol
EFS-SECGrp-Pol2374×1090 207 KB

1 EC2 instance in each subnet with the security group applied:
Listing EC2- instances

EFS-EC2-instance-AZ
EFS-EC2-instance-AZ2294×376 89 KB

Listing attached security group on ec2

EFS-EC2-SECGrp
EFS-EC2-SECGrp2308×339 72.4 KB

1 EFS filesystem:

EFS-ID-and-DNS-name
EFS-ID-and-DNS-name2212×961 164 KB

Showing that the efs has targets

EFS-targets
EFS-targets2178×867 136 KB

Now when I try to mount the EFS file system on either instances I get the following errors:

EFS-cmdl-mount-fail
EFS-cmdl-mount-fail2827×241 22.1 KB

or using DNS:

EFS-cmdl-DNS-mount-fail
EFS-cmdl-DNS-mount-fail2823×164 14.1 KB

I made a slight modification from the lecture by including the NFS in the security group.
But I don’t see how that would have any negative effect. Besides, the allow all policy would be hit first in the order of things, I imagine.

I also rebooted the instances just incase they weren’t picking up the security group properly as I made a change after launching the instances.

Any Idea where I’ve gone wrong here?

Thanks in advance

Elvy

#2

Hi @elvy

Please share the source information of this security group.

EFS-cmdl-mount-fail
EFS-cmdl-mount-fail2827×241 22.1 KB

#3

Hi Raymond.baoly,
Have a look at the second image from the top that is the security group.
But the command I ran is copied from AWS instruction on how to mount the efs
it differs slightly from the command used in the lecture.

#4

I mean this one, there’s a Source column. Please take a screenshot that includes this column.

image
image2374×1090 251 KB

#5

Hi Raymond,
The above prints were from an ephemeral session. I no longer have access to it.
It would save me time and a lot of hassle if you could tell me what you think the cause of the error is, that is if you have seen and troubleshooted it before.

Thank you very much for your time.

Elvy

#6

Hi @elvy

The security group source is very important, it should be set to All or allow traffic from itself. If you open the NFS port but restrict it to a specific IP or another security group, you won’t be able to mount it.

#7

Thanks,
I’ll check that the next time I practice EFS mounting.

Regards

Elvy