Unable to mount Elastic File System on EC2 (mount.nfs4: Connection timed out)


You probably need to create inbound policies. From the Amazon documentation:

The file system must have a mount target whose network interface has a security group with a rule that enables inbound connections on TCP port 2049 from the instance, either by IP address (CIDR range) or security group. The source of inbound TCP 2049 security group rules on mount target network interfaces is a key element of file system access control. Note that inbound rules other than TCP port 2049, and any outbound rules, are of no use to file system mount target network interfaces.

The mounting instance must have a network interface with a security group rule that enables outbound connections to TCP port 2049 on one of the file system's mount targets, either by IP address (CIDR range) or security group.

EFS security groups
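
Added example (not part of the original answer or of the AWS documentation): a Python check of the two rules quoted above, evaluated over security-group records shaped like EC2 `describe-security-groups` output. The group IDs, addresses and rule sets are constructed, and `rule_allows`, `can_mount` and `tcp` are hypothetical helper names.

```python
import ipaddress

NFS_PORT = 2049

def rule_allows(perm, peer_ip, peer_sgs, port=NFS_PORT):
    """True if one IpPermissions entry permits TCP `port` with this peer."""
    if perm["IpProtocol"] != "-1":  # "-1" = all protocols, all ports
        if perm["IpProtocol"] != "tcp":
            return False
        if not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            return False
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
        return True
    # A rule may name a security group instead of a CIDR, including its own group.
    return any(g["GroupId"] in peer_sgs for g in perm.get("UserIdGroupPairs", []))

def can_mount(instance, target, groups):
    """Evaluate both directions needed for NFS: instance egress, mount target ingress."""
    egress = any(rule_allows(p, target["ip"], target["sgs"])
                 for sg in instance["sgs"] for p in groups[sg]["IpPermissionsEgress"])
    ingress = any(rule_allows(p, instance["ip"], instance["sgs"])
                  for sg in target["sgs"] for p in groups[sg]["IpPermissions"])
    return {"instance_egress": egress, "mount_target_ingress": ingress}

def tcp(port, **source):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}

# Constructed sample data (hypothetical IDs and addresses).
ANYWHERE = [{"CidrIp": "0.0.0.0/0"}]
ALL_OUT = [{"IpProtocol": "-1", "IpRanges": ANYWHERE}]
WEB_IN = [tcp(p, IpRanges=ANYWHERE) for p in (22, 80, 443)]  # SSH, HTTP, HTTPS only
INSTANCE = {"ip": "172.31.16.10", "sgs": ["sg-web"]}
TARGET = {"ip": "172.31.16.99", "sgs": ["sg-efs"]}
BROKEN = {"sg-web": {"IpPermissions": WEB_IN, "IpPermissionsEgress": ALL_OUT},
          "sg-efs": {"IpPermissions": WEB_IN, "IpPermissionsEgress": ALL_OUT}}
# Fix: inbound 2049 on the mount target's group, sourced from the instance's group.
NFS_FROM_WEB = [tcp(NFS_PORT, UserIdGroupPairs=[{"GroupId": "sg-web"}])]
FIXED = {**BROKEN, "sg-efs": {"IpPermissions": NFS_FROM_WEB, "IpPermissionsEgress": []}}
# Self-referencing variant: one shared group whose 2049 rule names itself as source.
NFS_FROM_SELF = [tcp(NFS_PORT, UserIdGroupPairs=[{"GroupId": "sg-shared"}])]
SHARED = {"sg-shared": {"IpPermissions": NFS_FROM_SELF, "IpPermissionsEgress": ALL_OUT}}

if __name__ == "__main__":
    print("broken:", can_mount(INSTANCE, TARGET, BROKEN))
    print("fixed: ", can_mount(INSTANCE, TARGET, FIXED))
```

Sourcing the inbound 2049 rule from the instance's security group rather than a wide CIDR keeps the mount target reachable only by instances in that group.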

Yankee
Author by

Yankee

Updated on September 18, 2022

Comments

  • Yankee
    Yankee over 1 year

    I am trying to mount an EFS file system on an EC2 instance. Here is what I'm doing:

    1. Connect to EC2 instance using
      ssh -i "MyKeyPair.pem" [email protected]. Then I switch to the super user and root directory.
    2. Then I try to mount EFS using sudo mount -t nfs4 -o nfsvers=4.1 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).fs-7cb147d5.efs.us-west-2.amazonaws.com:/ /var/www/html

    The command does nothing for 2-3 minutes and then gives me this error: mount.nfs4: Connection timed out

    I looked up the Troubleshooting guide for EFS which suggests:

    • This could occur because either the Amazon EC2 instance or the mount target security groups are not configured properly. For more information, see Creating Security Groups.
    • Verify that the mount target IP address that you specified is valid. If you specify the wrong IP address and there is nothing else at that IP address to reject the mount, you could experience this issue.

    I have allowed the following types of inbound connections to both my default and another security group: TCP, HTTP, HTTPS, SSH.
    The VPC I am using for EFS is the default one, and for EC2 I am using both the custom security group and the default one (I've edited both to accept inbound connections from TCP, HTTP, HTTPS, SSH).

  • Yankee
    Yankee almost 8 years
    Thanks for the answer Jorge, I'll try and see if that works.
  • user1709076
    user1709076 over 7 years
    I might edit this to read 'inbound NFS on port 2049 where the source IP is set to the security group assigned to your EC2 instance' for more concrete direction. For me, I didn't realize a security group could be infinitely recursive (i.e., contain a rule where the 'source' is the same as the security group being defined).