Mounting an EFS Instance From an External Account
First time only:
- Send Thaneer your AWS account ID and he will add you to the trusted entities for the IAM role that he has created.
- If you don't have one already, create an IAM user. Permissions aren't relevant since you will be switching roles as soon as you sign in as the IAM user, but you may want to omit any permissions so that you don't accidentally create an instance before switching roles.
- While signed in as an IAM user under your root account, go to the link below, enter a display name (and pick your favorite color), then click "Switch Role": https://signin.aws.amazon.com/switchrole?roleName=mPowerEFSRole&account=389689814525
- You are now working within Thaneer's AWS resources. Any resources you instantiate will be viewable by Thaneer and anyone else who has assumed the same IAM role. Likewise, you will be able to see and modify any resources instantiated by others (to the extent allowed by the permissions granted via the IAM role, currently full EC2, Batch, and EFS permissions — subject to change). So be careful and tag the resources you instantiate to help yourself and others stay organized!
- Launch an instance in the us-east-1 region via the EC2 console. You may use any OS, but you will likely need to install the NFS (Network File System) client if you don't use Amazon Linux.
  - Red Hat derivative:
    sudo yum -y install nfs-utils
  - Ubuntu derivative:
    sudo apt-get -y install nfs-common
- Make sure that you are launching into both the default VPC and default subnet (i.e., no preference) for the us-east-1 region. You will be able to mount the EFS drive from any of the availability zones in the region, but launching your instance in a non-default subnet may cause problems somewhere down the line since only the default subnets have mount points to the EFS drive we are trying to access.
- For security groups, simply create a new one with the default settings. (Creating a new security group with default settings is the default when creating a new EC2 instance, so there is nothing to do here).
- Give your instance a "Name" tag so that it can easily be identified as your own within the EC2 console.
- If this is your first time launching an EC2 instance from within this IAM role, you will need to create and download a new private key to access your instance with.
- After launching the instance, select it in the EC2 console, then click Actions > Networking > Change Security Groups. Check the box next to the security group where "Security Group Name" is "default", then click "Assign Security Groups".
- SSH into your instance and run these commands:
  sudo mkdir mPower_efs
  sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-51cbb618.efs.us-east-1.amazonaws.com:/ mPower_efs
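To confirm the mount took effect as intended, the check below (an added example, not part of the original instructions) reads a /proc/mounts-style table and reports whether a mount point is backed by the expected file system with NFS 4.1 and the hard option. The function names, the sample table and the fs-00000000 entry are constructed for illustration; note that the kernel lists the nfsvers=4.1 option as vers=4.1.

```shell
#!/bin/sh
# Added example. The DNS name is copied from the mount command on this page.
EFS_DNS="fs-51cbb618.efs.us-east-1.amazonaws.com"

# Constructed sample in /proc/mounts format:
#   source  mount-point  fstype  options  dump  pass
# fs-00000000 is a made-up file system ID used to show a mismatch.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / xfs rw,noatime 0 0
fs-51cbb618.efs.us-east-1.amazonaws.com:/ /home/ec2-user/mPower_efs nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys 0 0
fs-00000000.efs.us-east-1.amazonaws.com:/ /home/ec2-user/other nfs4 rw,relatime,vers=4.1,hard 0 0
EOF
}

# efs_mount_status MOUNTS_FILE MOUNT_POINT
# MOUNTS_FILE may be "-" for stdin; MOUNT_POINT must be an absolute path.
# Prints: ok | not-mounted | wrong-source | wrong-version | soft-mount
efs_mount_status() {
    awk -v mp="$2" -v src="$EFS_DNS:/" '
        $2 == mp {
            # Options are comma-separated; match whole tokens only.
            n = split($4, opt, ","); hard = 0; v41 = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "hard")     hard = 1
                if (opt[i] == "vers=4.1") v41 = 1
            }
            # The last matching line wins, as with stacked mounts.
            if ($1 != src)                 status = "wrong-source"
            else if ($3 != "nfs4" || !v41) status = "wrong-version"
            else if (!hard)                status = "soft-mount"
            else                           status = "ok"
        }
        END { print (status == "" ? "not-mounted" : status) }
    ' "$1"
}

# With a mount point argument, check the live table; otherwise use the sample.
if [ $# -ge 1 ]; then
    efs_mount_status /proc/mounts "$1"
else
    sample_mounts | efs_mount_status - /home/ec2-user/mPower_efs
fi
```

On the instance, pass the absolute path of the mount point as the only argument, for example "$HOME/mPower_efs".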
The EFS drive is now accessible via the mPower_efs folder you just created in your home directory. You should already have write/read/execute permissions within the directory, but if not you can modify permissions using