Configuring Amazon Elastic File System (EFS) for Multi-EC2 Read/Write Access
Hello Everyone,
Good day to you all! This is Techman once again, and I’m excited to bring you my second main article on this blog. Today, I’ll be guiding you through the process of configuring Amazon Elastic File System (EFS) to enable read and write access for two EC2 instances.
Before diving into today’s topic, I want to take a moment to dedicate this article to my tutor, Bunmi Agbomeji. She has been going through a tough time over the past weekend, and I sincerely hope she recovers quickly. May she find strength and comfort in the days ahead.
Now, Back to Business!
As mentioned earlier, this tutorial will walk you through configuring EFS for two EC2 instances, ensuring seamless file sharing between them. I will explain each step clearly with pictorial diagrams and detailed write-ups to make the process easy to follow.
Let’s get started! 🚀
Step 1.
Log in to your AWS portal at https://console.aws.amazon.com/console/home, then select a region. For this study I will be selecting Ohio.
After selecting your region, head to the search bar and search for “EFS”, because we are going to be creating an Amazon Elastic File System (EFS) file system. Click on EFS.
Step 2.
Then navigate to Create file system and click on it.
Step 3.
Once you have clicked to create a file system, give your EFS a unique name. For this study I will use the name "tutorEFSStorage". Then click Customize.
Step 4.
After clicking Customize, navigate to File system type and leave it at Regional. Make sure the box for Enable automatic backups is checked. For Lifecycle management, leave the settings on default. Under Encryption, make sure the Enable encryption of data at rest box is checked. Under Performance settings, Throughput mode, leave it on Enhanced. Leave every other setting on default and click Next.
Step 5.
Under Network access, leave Virtual Private Cloud (VPC) on default.
Under Mount targets, you will notice we have 3 Availability Zones. Leave them on default and click Next.
Step 6.
Under File system policy - optional, Check the box for Enforce in-transit encryption for all clients and click Next.
Step 7.
Review all your settings from Step 3 to Step 6 and click Create
Step 8.
We have created our Amazon Elastic File System (EFS) file system. Next is to create our first EC2 instance.
Step 9.
Now head to the Search Bar and Search for EC2 and click on it.
Step 10.
Then click on Launch Instance, to create an EC2 instance.
Step 11.
On the Launch an instance page, under Name and tags, give your instance a name. For this study I will use "My-Ec2-Instance1".
Under Application and OS Images (Amazon Machine Image) we select the OS image for the instance. We will pick Amazon Linux, because AWS EFS storage can only be configured with Linux instances.
Amazon Machine Image (AMI): Amazon Linux 2023 AMI.
Step 12.
Under Amazon Machine Image (AMI) we pick Amazon Linux 2023 AMI (Free tier eligible).
Architecture: select 64-bit (x86).
Under Instance type, scroll down and pick "t3.micro".
Step 13.
Under Key pair (login), select Proceed without a key pair, so we do not have to create a username and password to log in to our EC2 instance.
Leave the other settings on default, then scroll to Security group name - required and change the name. For this study we will change it to "EFS-SG1".
Step 14.
After changing the security group name, leave every other setting after that on default and click Launch instance.
Step 15.
Once the Amazon Linux instance has been created, head back to Instances.
At the lower left of your screen, look for the Network & Security section and click Security Groups under it. Here we are setting up a rule so that our EFS can communicate with the first Linux instance we created earlier.
Step 16.
You will notice that we have just 2 security groups. The first is the default one, which is the security group that came with creating our AWS EFS file system, and the second is the security group of the Linux instance we created. To set up the rule, check the box for the "default" security group, scroll down and click on the Inbound rules tab, then click Edit inbound rules.
Step 17.
Once we click Edit inbound rules, click Add rule, then open the Type drop-down that shows Custom TCP, search for NFS (Network File System) and select it. Then go to the search box beside Source, search for the security group we created earlier, which is EFS-SG1, and add it. Then click Save rules.
Step 18.
Our inbound security group rules were successfully modified on security group (sg-03bb39d85bf4cc16a | default).
Then we navigate back to Instances on the top left side of the screen and click Connect to connect to the Linux EC2 instance we created.
Step 19.
On the Connect to instance page, under Connection type, we pick Connect using EC2 Instance Connect. This means we are connecting to our VM internally instead of from PowerShell. Leave the default username created by AWS. You can change it to a specific one if you want, but for now I will leave the default username unchanged. Then click Connect.
Step 20.
A new page with a black terminal will open and show that our Linux EC2 instance is connected successfully.
Step 21.
Run the command "sudo dnf install -y amazon-efs-utils" and press Enter. This command installs a package that enables EFS mounting on our Amazon Linux instance. Once you see the output in the picture below, the package has installed successfully.
Step 22.
Then create a directory with the command sudo mkdir (directoryname). I will use efsfolder as the directory name, so the command is sudo mkdir efsfolder. Use the command ls to check that the directory has been created.
Step 23.
Then head back to your AWS portal. In the search box, search for EFS and click on it, then click on your EFS name, which is "tutorEFSStorage", then click Attach.
Step 24.
Under Using the EFS mount helper, copy the command sudo mount -t efs -o tls fs-0b78749f20a8c7816:/ efs. The last word of the command is the mount point, so change efs to the directory we created and run it as sudo mount -t efs -o tls fs-0b78749f20a8c7816:/ efsfolder. After running this command, we want to make sure we have actually mounted the file share on our Linux EC2 instance, so we run the command df -T.
Step 25.
After running the above command, we change ownership of the directory "efsfolder" we created. We run the command sudo chown ec2-user efsfolder/
Step 26.
Now we want to download a WordPress site into the "efsfolder" we created earlier. Please note that we have to change ownership before we can download the WordPress site into our "efsfolder"; if not, we will get an error message. In the Linux terminal, change into the directory with cd efsfolder, then paste wget https://wordpress.org/latest.tar.gz and press Enter. After that, run the command "ls -l" to view what you just downloaded.
Step 27.
Now let's go back to EC2 and create another EC2 instance. So far we have just one instance connected to our EFS. We now want to create another EC2 instance and connect it to our EFS, so that the 2 instances can communicate, share and access files on the same file system.
PS: While creating our Amazon Linux instance, the difference between creating a key pair as we normally would and not creating one is that with a key pair we have to connect via SSH with an IP address, a username and password, like we do on Azure. For this lecture we are not creating a key pair, so we can just connect directly to our terminal internally on AWS.
Step 28.
To create another EC2 instance, let's repeat Step 11 to Step 14. Under Step 11 we give our new instance the name My-Ec2-Instance2, and we name the security group for My-Ec2-Instance2 EFS-SG2.
After we create our new EC2 instance, we click on it and head to the Network & Security section at the lower left of the page, then click on Security Groups. Then we click on the "default" security group ID, which belongs to our EFS (Elastic File System), like we did for the first EC2 instance we created earlier, and click Edit inbound rules.
Then click Add rule. Under Type, change it to NFS (Network File System). Under Source, leave it on the default Custom, then click on the search box beside Custom and select the 2nd security group, the one you created for the 2nd Amazon Linux EC2 instance, which is named EFS-SG2. Click Save rules.
Then head back to our EC2 instances and click to connect to the 2nd instance we created. The same process we followed for the first instance applies to the 2nd instance. First we install the package that enables EFS mounting on our Amazon Linux instance: run sudo dnf install -y amazon-efs-utils and press Enter. Then create a new directory with the same name (efsfolder). The command to create the directory is sudo mkdir efsfolder
PS: Having the same directory name across all your instances is for consistency. When the same directory name exists on every server, it is easier for all instances connecting to the EFS to access that directory, it makes automation easier, and it avoids the confusion of different names.
Then head to the AWS portal and search for EFS like we did earlier. Click on it, navigate to the file system we created named "tutorEFSStorage", click on it, then click Attach.
Please note we are just repeating the steps we did earlier for our first EC2 instance, named My-Ec2-Instance1.
Step 29.
After clicking Attach, copy the command again, sudo mount -t efs -o tls fs-0b78749f20a8c7816:/ efs, change the mount point at the end from efs to efsfolder (the directory we created), and run it on your 2nd EC2 instance terminal. You will get the same result we got with the first EC2 instance.
We want to make sure we have actually mounted the file share on our Linux EC2 instance, so we run the command df -T.
Step 30.
Now we change ownership of the directory we created earlier on our 2nd EC2 instance. We run the command sudo chown ec2-user efsfolder/
Step 31.
Then we change into the directory we created with the command "cd efsfolder" (cd is built into the shell, so it is run without sudo). Now let us check if we can see the files from the first instance we created. We run the command "ls -l" to view them.
We can see that both Linux instances were able to connect to the same EFS for read/write access.
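To confirm the result on each instance, here is a short check script. It is an added example, not part of the original walkthrough. It relies on the fact that a mount made with the -o tls option goes through a local tunnel and shows up with the device 127.0.0.1:/, and it assumes the shared directory is /home/ec2-user/efsfolder; the function names and the sample mount table are made up for the example.

```sh
#!/bin/sh
# Added example: post-mount checks for the shared directory.

# Classify a mount point from mount-table text in /proc/mounts format
# (device mountpoint fstype options ...). Prints one of:
#   tls        NFSv4 through the efs-utils local TLS tunnel (device 127.0.0.1:/)
#   plaintext  NFSv4 straight to the file system, no tunnel
#   other      mounted, but not NFSv4
#   unmounted  nothing is mounted at that path
efs_mount_state() {
    # $1 = absolute mount point, $2 = mount table text
    printf '%s\n' "$2" | awk -v mp="$1" '
        $2 == mp { dev = $1; fs = $3; found = 1 }  # last match = topmost mount
        END {
            if (!found)                      print "unmounted"
            else if (fs != "nfs4")           print "other"
            else if (dev ~ /^127\.0\.0\.1:/) print "tls"
            else                             print "plaintext"
        }'
}

# Write a marker named after this host into the shared directory and print how
# many markers exist. Run on both instances: the second one should print 2.
efs_write_marker() {
    # $1 = shared directory, $2 = host label (defaults to the host name)
    host="${2:-$(hostname)}"
    date -u +%Y-%m-%dT%H:%M:%SZ > "$1/marker-$host" || return 1
    ls "$1" | grep -c '^marker-'
}

# Constructed sample mount table (not captured from a real instance).
SAMPLE_MOUNTS='/dev/nvme0n1p1 / xfs rw,noatime 0 0
127.0.0.1:/ /home/ec2-user/efsfolder nfs4 rw,relatime,vers=4.1,port=20261,addr=127.0.0.1 0 0
fs-0b78749f20a8c7816.efs.us-east-2.amazonaws.com:/ /mnt/plain nfs4 rw,relatime,vers=4.1,addr=172.31.0.10 0 0'

# On an instance (assumes the directory is /home/ec2-user/efsfolder):
#   efs_mount_state /home/ec2-user/efsfolder "$(cat /proc/mounts)"   # expect: tls
#   efs_write_marker /home/ec2-user/efsfolder
```

A result of plaintext or unmounted on either instance means the mount command was run without -o tls or against the wrong directory.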
Thanks.