How to Configure Amazon Elastic File System (EFS) and Allow Two EC2 Instances to Read and Write in the Same File System

Welcome back to my blog, where I record my experience in the cloud engineering profession.

This post covers how to create an Amazon Elastic File System (EFS), how to launch two Amazon Elastic Compute Cloud (EC2) instances, and how to configure them so that both virtual machines (EC2 instances) can read and write in the same EFS file system.

What is Amazon Elastic File System (EFS)?

Amazon Elastic File System (Amazon EFS) provides serverless, fully elastic file storage so that you can share file data without provisioning or managing storage capacity and performance. Amazon EFS is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files. Because Amazon EFS has a simple web services interface, you can create and configure file systems quickly and easily. The service manages all the file storage infrastructure for you, meaning that you can avoid the complexity of deploying, patching, and maintaining complex file system configurations.

Amazon EFS supports the Network File System version 4 (NFSv4.1 and NFSv4.0) protocol, so the applications and tools that you use today work seamlessly with Amazon EFS. Amazon EFS is accessible across most types of Amazon Web Services compute instances, including Amazon EC2, Amazon ECS, Amazon EKS, AWS Lambda, and AWS Fargate.

The service is designed to be highly scalable, highly available, and highly durable.

To create an EFS, log in to the AWS console and search for EFS,

then click on Create file system.

Next, give the file system a name that reflects what it is meant for; I named mine easyefsfile. The Virtual Private Cloud (VPC), which is our private virtual network, is set to the default for us. To adjust other useful settings, click on Customize.

For the file system type, I prefer storing my file system across multiple Availability Zones, so I selected Regional to ensure more durability and availability.

Under Lifecycle management, I left the defaults, which means that if I don't access the data in my file system for 30 days, it is transitioned from Standard storage to Infrequent Access storage, and after 90 days of inactivity it is transitioned to Archive storage.

On the encryption setting, I left the box checked to ensure that data is encrypted at rest.

Then, under Performance settings, set the throughput mode to the default, Enhanced, for more flexibility and higher throughput levels for workloads.

The Network access page shows our default VPC and our mount targets with the default security group. We don't need to change anything here; just click Next to continue.

In the File system policy step, check the box Enforce in-transit encryption for all clients. The policy editor will automatically display the policy in JavaScript Object Notation (JSON) format. Then click Next.

Now we can review our settings before we create the file system. The review shows that our EFS is editable, the throughput mode is editable, the performance mode is not editable, and encryption is enabled and not editable. Then click on Create.
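
One way to confirm that the resulting file system policy really refuses unencrypted clients, as an added example that is not part of the original walkthrough: the Python below looks for a Deny statement conditioned on aws:SecureTransport being false. The sample policy is constructed for illustration (placeholder account and file system IDs), and the function names are hypothetical.

```python
import json

# Constructed sample policy with in-transit encryption enforced (placeholder IDs).
FS_ARN = "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/fs-EXAMPLE"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
         "Resource": FS_ARN,
         "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}}},
        {"Effect": "Deny", "Principal": {"AWS": "*"}, "Action": "*",
         "Resource": FS_ARN,
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def denies_plaintext(policy):
    """True if a Deny statement blocks all principals and actions when TLS is not used."""
    if isinstance(policy, str):  # policies fetched through the API arrive as JSON strings
        policy = json.loads(policy)
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        principal = stmt.get("Principal")
        everyone = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        all_actions = any(a in ("*", "elasticfilesystem:*")
                          for a in as_list(stmt.get("Action", [])))
        bool_cond = {k.lower(): v
                     for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        no_tls = any(str(v).lower() == "false"
                     for v in as_list(bool_cond.get("aws:securetransport", [])))
        if everyone and all_actions and no_tls:
            return True
    return False


if __name__ == "__main__":
    print("in-transit encryption enforced:", denies_plaintext(SAMPLE_POLICY))
```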

The Elastic File System named easyefsfiles is successfully created

Now that the EFS is created, we need to launch two EC2 instances and mount the EFS on both so that they can access the file system. To launch the EC2 instances, go to the search tab, search for EC2 and double click on EC2.

Click on Launch instance.

Give your instance a name; I named my first instance easyefsserver.

I selected Amazon Linux because EFS cannot run on Windows; EFS strictly runs on Linux. I selected the Amazon Linux 2023 AMI as my Amazon Machine Image, which is also free tier eligible.

For the instance type, I selected t3.micro, which gives me 2 vCPUs and 1 GiB of memory and is also a free tier eligible instance type.

A key pair is used to securely connect to your instance. You can create a new key pair or skip it by selecting Proceed without a key pair.

In the Network settings, we need to create a security group, which is a set of firewall rules that allow or deny access to the instance. We also change the default security group name, launch-wizard-2, to a name of our own, such as EFS SG, so that it is easily identifiable among other SGs.

After creating the security group, click on Launch instance.

The instance is launched successfully.

Follow the same steps to create the second EC2 instance and name it efs-server2.

We also need to change the security group name to efs-sg2 for identification purposes.

Then launch the second EC2 instance. Now we have 2 instances running.

Before we connect, let us set the inbound rules for our security group to allow traffic. Click on Security Groups under Network & Security on the left side of the console; it will display the default security group and the EFS SG that we created.

then, click on the default Security Group ID in order to access the inbound rules

We need to edit the inbound rules on the default security group to allow traffic

Click on Add rule

We need to add a Network File System (NFS) rule alongside the existing All traffic rule, and select the security group we created by searching for its security group ID. Then click on Save rule.

The inbound rule is successfully modified on the default security group, so our EFS can be mounted on our EC2 instances.

Let us now navigate back to the EC2 instances we launched earlier. Click on Instances in the left menu pane and check the box of our easyefsserver instance to activate the Connect button for the first server. Click Connect.

Leave the default selection, Connect using EC2 Instance Connect, and click the Connect button; it will establish a connection to the Linux terminal.
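
The rule just saved can be verified from the output of aws ec2 describe-security-groups. The Python below is an added example, not part of the original walkthrough: it lists which sources can reach NFS (TCP 2049) on the mount targets' security group, flags CIDR-based access, and reports client security groups that have no rule yet. The group IDs and function names are constructed placeholders.

```python
NFS_PORT = 2049

# Constructed sample shaped like one entry of describe-security-groups output.
DEFAULT_SG = {
    "GroupId": "sg-default-EXAMPLE",
    "IpPermissions": [
        # Existing "All traffic" rule whose source is the default group itself
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-default-EXAMPLE"}]},
        # Added NFS rule whose source is the first instance's security group
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-efs-EXAMPLE"}]},
    ],
}


def covers_nfs(rule):
    """A rule reaches NFS if it allows all protocols, or TCP with 2049 in its port range."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= NFS_PORT <= rule.get("ToPort", 65535)


def nfs_sources(group):
    """Return (security-group sources, CIDR sources) allowed to open TCP 2049."""
    sg_sources, cidr_sources = set(), set()
    for rule in group.get("IpPermissions", []):
        if not covers_nfs(rule):
            continue
        sg_sources.update(p["GroupId"] for p in rule.get("UserIdGroupPairs", []))
        cidr_sources.update(r["CidrIp"] for r in rule.get("IpRanges", []))
        cidr_sources.update(r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []))
    return sorted(sg_sources), sorted(cidr_sources)


def audit(group, expected_clients):
    """Findings: NFS open to address ranges, or client groups with no NFS rule."""
    sg_sources, cidr_sources = nfs_sources(group)
    findings = [f"NFS reachable from CIDR {c}" for c in cidr_sources]
    findings += [f"client group {g} has no rule for TCP 2049"
                 for g in expected_clients if g not in sg_sources]
    return findings


if __name__ == "__main__":
    print(audit(DEFAULT_SG, ["sg-efs-EXAMPLE", "sg-efs2-EXAMPLE"]))
```

With only the first instance's group listed as a source, the audit reports the second instance's group as missing, which is why the second instance's security group also has to be added to the inbound rules before it can mount the file system.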

After successful connection, an Amazon Linux terminal is opened

Now we need to install the Amazon EFS utilities in order to mount EFS on the EC2 instance. Run this command to install them: sudo dnf install -y amazon-efs-utils

Amazon utilities installation complete

Then create a directory named efs, on which we will mount our Elastic File System, with this command: sudo mkdir efs. Next, run the mount command copied from the EFS console. To copy the command, search for EFS and navigate to the EFS console. Double click EFS.

then click on Attach

To mount your Amazon EFS file system on a Linux instance, leave Mount via DNS selected and copy the EFS mount helper command.

Paste the EFS mount helper command into the Linux terminal and hit Enter. To confirm that the EFS is mounted on the EC2 instance, run this command: df -T. It will display the details of the mounted EFS on the path /home/ec2-user/efs with IP address 127.0.0.1:/ and type nfs4. Then change into the folder with the command cd efs and create a file called easy5.txt inside the efs folder with this command: sudo touch easy5.txt. To see the file created, run the command ls, which lists all files in the efs folder.

Then, to change ownership and give ec2-user permission to access the EFS file system, run this command: sudo chown ec2-user efs/
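
The 127.0.0.1:/ source shown by df -T is what a TLS mount looks like: with the tls option, the EFS mount helper sends NFS traffic through a local stunnel listener, so the NFS server appears as loopback. The Python below is an added example, not part of the original walkthrough, that classifies NFS mounts from /proc/mounts-style text; the sample lines are constructed, and the function names, DNS name and addresses are placeholders.

```python
# Constructed sample in /proc/mounts format (placeholder file system name and addresses).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p1 / xfs rw,noatime 0 0
127.0.0.1:/ /home/ec2-user/efs nfs4 rw,relatime,vers=4.1,proto=tcp,port=20049,addr=127.0.0.1 0 0
fs-EXAMPLE.efs.us-east-1.amazonaws.com:/ /mnt/direct nfs4 rw,relatime,vers=4.1,proto=tcp,addr=10.0.1.25 0 0
"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def classify_nfs_mounts(mounts_text):
    """Map each NFS mount point to ('tls-proxy', local_port) or ('direct', server)."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[2].startswith("nfs"):
            continue  # skip non-NFS file systems and malformed lines
        source, mount_point, _fstype, options = fields[:4]
        host = source.rsplit(":", 1)[0]
        opts = dict(opt.partition("=")[::2] for opt in options.split(","))
        if host in LOOPBACK:
            # Loopback server: traffic goes to the local TLS proxy on this port
            result[mount_point] = ("tls-proxy", int(opts.get("port", 2049)))
        else:
            # Remote server: NFS goes straight to the mount target without the proxy
            result[mount_point] = ("direct", host)
    return result


def direct_mounts(mounts_text):
    """Mount points whose NFS traffic bypasses the local TLS proxy."""
    mounts = classify_nfs_mounts(mounts_text)
    return sorted(mp for mp, (kind, _) in mounts.items() if kind == "direct")


if __name__ == "__main__":
    for mount_point, status in classify_nfs_mounts(SAMPLE_MOUNTS).items():
        print(mount_point, status)
```

On an instance, pass the contents of /proc/mounts instead of the sample text.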

To know that our ownership has changed, cd into efs and run ls -l

Next, add another file to the efs folder. This time, download a file with this command: wget wordpress.org/latest.tar.gz. It is a compressed archive, and we want it downloaded into our EFS.

Then let's run ls -l to see our file list. We have two files: the first file, efs.txt, is 0 MB, while the second, downloaded file is 26160 MB, which is why the total is 26160.

After editing the inbound rules of the security group for the second instance, let us navigate back to our 2 EC2 instances,

then check the box of the second server and connect

then install amazon utilities on the second instance

After installation of the utilities, make a directory using the same folder name you used in the first instance to ensure consistency, easy automation and to avoid confusion: sudo mkdir efs. Then mount the EFS on the second instance by copying the mount helper command from the EFS. After mounting the second EC2, we change ownership to ec2-user and cd into the efs folder.

Without creating any file inside our second ec2 instance folder, let us run ls -l to see the content of the EFS created by first EC2 instance. From the second ec2 instance we can access the two files created by the first ec2 instance

Now, let us create an HTML file inside this efs folder with touch index.html, and run ls -l to list all the files in the EFS. Even though we created only an HTML file from the second EC2 instance, the listing displays three files in the file system, including the two files created from the first EC2 instance.

Let us connect to the first EC2 instance, cd into the efs folder and run ls -l. It displays the three files in the EFS, which means that from either of the two instances we can access all the files in the EFS.