@philerooski
Created February 6, 2018 20:25

Mounting an EFS Instance From an External Account

First time only:

  1. Send Thaneer your AWS account ID and he will add you to the trusted entities for the IAM role that he has created.
  2. If you don't have one already, create an IAM user. Permissions aren't relevant since you will be switching roles as soon as you sign in as the IAM user, but you may want to omit any permissions so that you don't accidentally create an instance before switching roles.

Every time

  1. While signed in as an IAM user under your root account, go to this link, enter a display name (and pick your favorite color), and click "Switch Role": https://signin.aws.amazon.com/switchrole?roleName=mPowerEFSRole&account=389689814525
  2. You are now working within Thaneer's AWS resources. Any resources you instantiate will be viewable by Thaneer and anyone else who has assumed the same IAM role. Likewise, you will be able to see and modify any resources instantiated by others (to the extent allowed by the permissions granted via the IAM role, currently full EC2, Batch, and EFS permissions — subject to change). So be careful and tag the resources you instantiate to help yourself and others stay organized!
  3. Launch an instance in the us-east-1 region via the EC2 console. You may use any OS, but you will likely need to install the NFS (Network File System) client if you don't use Amazon Linux.
    1. Red Hat derivative: sudo yum -y install nfs-utils
    2. Ubuntu derivative: sudo apt-get -y install nfs-common
  4. Make sure that you are launching into both the default VPC and default subnet (i.e., no preference) for the us-east-1 region. You will be able to mount the EFS drive from any of the availability zones in the region, but launching your instance in a non-default subnet may cause problems somewhere down the line since only the default subnets have mount points to the EFS drive we are trying to access.
  5. For security groups, simply create a new one with the default settings. (Creating a new security group with default settings is the default when creating a new EC2 instance, so there is nothing to do here).
  6. Give your instance a "Name" tag so that it can easily be identified as your own within the EC2 console.
  7. If this is your first time launching an EC2 instance from within this IAM role, you will need to create and download a new private key to access your instance with.
  8. After launching the instance, select it in the EC2 console, then click Actions > Networking > Change Security Groups. Check the box next to the security group where "Security Group Name" is "default", then click "Assign Security Groups".
  9. SSH into your instance and run these commands:
    sudo mkdir mPower_efs
    sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-51cbb618.efs.us-east-1.amazonaws.com:/ mPower_efs

The EFS drive is now accessible via the mPower_efs folder you just created in your home directory. You should already have write/read/execute permissions within the directory, but if not you can modify permissions using sudo chown.
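
If the mount in step 9 fails, mPower_efs is still an ordinary local directory and anything written there stays on the instance's disk. The script below is an added example, not part of the original gist: it checks a /proc/mounts listing for the EFS source, file system type and options used in the mount command above. The function name, the script name check_efs.sh and the sample listing (user name, address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist): confirm that step 9 really
# mounted the EFS file system, so writes do not land on the instance's disk.

# Source string taken from the mount command on this page.
EFS_SOURCE='fs-51cbb618.efs.us-east-1.amazonaws.com:/'

# Constructed sample of /proc/mounts; the user name and address are made up.
SAMPLE_MOUNTS='/dev/xvda1 / xfs rw,noatime 0 0
fs-51cbb618.efs.us-east-1.amazonaws.com:/ /home/ec2-user/mPower_efs nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=192.0.2.10 0 0'

# check_efs_mount MOUNT_POINT  (reads /proc/mounts-format text on stdin)
# Returns 0 only when MOUNT_POINT is an NFS 4.1 "hard" mount of EFS_SOURCE.
check_efs_mount() {
    # Fields used: source, mount point, fs type, options. The last matching
    # line wins because a later mount shadows an earlier one.
    entry=$(awk -v mp="$1" '$2 == mp { hit = $1 " " $3 " " $4 } END { print hit }')
    if [ -z "$entry" ]; then
        echo "FAIL: $1 is not a mount point (plain local directory)"
        return 1
    fi
    read -r src fstype opts <<EOF
$entry
EOF
    if [ "$src" != "$EFS_SOURCE" ]; then
        echo "FAIL: $1 is mounted from $src, expected $EFS_SOURCE"
        return 1
    fi
    if [ "$fstype" != nfs4 ]; then
        echo "FAIL: file system type is $fstype, expected nfs4"
        return 1
    fi
    for want in vers=4.1 hard; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "FAIL: mount option $want is missing"; return 1 ;;
        esac
    done
    echo "OK: $1 is $EFS_SOURCE (nfs4, vers=4.1, hard)"
}

# On the instance: sh check_efs.sh "$HOME/mPower_efs"
if [ "$#" -gt 0 ]; then
    check_efs_mount "$1" < /proc/mounts
fi
```

The kernel reports the nfsvers=4.1 mount option as vers=4.1 and the file system type as nfs4, which is why the check looks for those spellings.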
