How to Use Amazon EFS with Amazon Lightsail

To get started, you'll need an AWS account. To complete this guide you must install the AWS Command Line Interface (CLI) tool and have jq on your system. jq will be used to extract information from JSON returned by AWS CLI comments. Follow the provided links if you don't have some of those.

1. Peer the Lightsail VPC with the default VPC

Peer the Lightsail and default VPCs using the peer-vpc command. Use jq to extract the VPC IDs for later use.

$ aws lightsail peer-vpc | jq -r '.operation.resourceName, .operation.operationDetails'

<Lightsail VPC ID>
<Default VPC ID>

Note: You can run this command and other AWS CLI commands in this guide without using jq, but will need to extract information manually.

2. Create an EFS file system

Create a new file system with the create-file-system command. Use jq to extract the file system ID for later use.

$ aws efs create-file-system | jq -r '.FileSystemId'

<EFS File System ID>

This command creates a new general purpose file system with bursting throughput mode. Additional options are available if you want to use a difference file system performance model, encryption strategy, or throughput mode. For more information see the EFS documentation.

3. Create EFS mount points in each availability zone

Obtain subnet information for the default VPC using the describe-subnets command. Provide the <Default VPC ID> obtained in section #1. Use jq to extract the default subnet IDs for later use.

$ aws ec2 describe-subnets --filters Name=vpc-id,Values=<Default VPC ID> Name=default-for-az,Values=true | jq -r '.Subnets[].SubnetId'

<subnet 1 ID>
<subnet 2 ID>
<subnet X ID>

Create an EFS mount point in each of the default subnets using the create-mount-target command. Use jq to extract the IP address of the mount point for later use. subnet IDs for later use.

$ aws efs create-mount-target --file-system-id <EFS File System ID> --subnet-id <Subnet ID> | jq -r '.IpAddress'

<EFS Mount Point IP Address>

Do this for each <Subnet ID> reported in section #3.

Note: If you don't have Lightsail instances in some availability zones (AZ), you don't need to craete a mount point in the subnet for that AZ.

4. Create a rule allowing Lightsail to connect to EFS

Identify the VPC CIDR block for the Lightsail VPC using the describe-vpc-peering-connections command. Use jq to extract the VPC CIDR block for later use.

$ aws ec2 describe-vpc-peering-connections --filters Name=requester-vpc-info.vpc-id,Values=<Lightsail VPC ID> | jq -r '.VpcPeeringConnections[0].RequesterVpcInfo.CidrBlock'

<Lightsail VPC CIDR>

Identify the default security group for the default VPC using the describe-security-groups command. Use jq to extract the security group ID for later use.

$ aws ec2 describe-security-groups --filters Name=vpc-id,Values=<Default VPC ID> --group-names default | jq -r '.SecurityGroups[].GroupId'

<Default Security Group ID>

Create the security group rule with the describe-security-groups command.

$ aws ec2 authorize-security-group-ingress --group-id <Default Security Groupo ID> --protocol tcp --port 2049 --cidr <Lightsail VPC CIDR>

This rule allows traffic from the Lightsail VPC on port 2049 (the default NFS port).

5. Connect a Lightsail instance to the EFS file system

Connect to your Linux based Lightsail instance using your own compatible SSH client or connect using your browser from your instances management page. For more information on connecting to your instance with SSH, visit the SSH and connecting to your Lightsail instance page.

Install the NFS client and mount the EFS file system. These commands must be executed using sudo. Replace <EFS Mount Point IP Address> with the IP address obtained in step #3 for the availability zone your Lightsail instance is located in.

apt install nfs-common
mkdir /mnt/efs
mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport <EFS Mount Point IP Address>:/ /mnt/efs

Write a file to the shared file system

touch /mnt/efs/sharedfile.txt

Repeat step 1 for a different Linux based Lightsail instance in the same region. Be sure to use the EFS mount point for the availability zone the new instance is in. Verify you can read the file written by the first Lightsail instance

Congratulations. You have successfully connected your Lightsail instances to a shared EFS file system.


Complete the following steps to cleanup resources you created in this guide.

Unpeer the Lightsail and default VPCs using the unpeer-vpc command.

$ aws lightsail unpeer-vpc

Remove the mount targets for the EFS file system by first using the describe-mount-targets command to get the mount target IDs

$ aws efs describe-mount-targets --file-system-id <EFS File System ID>

<Mount Target 1 ID>
<Mount Target 2 ID>
<Mount Target X ID>

Then use the delete-mount-target command to delete the individual mount targets.

$ aws efs delete-mount-target --mount-target-id <Mount Target ID>

Finally, delete the EFS file system using the delete-file-system

$ aws efs delete-file-system --file-system-id <EFS File System ID>

You Might Also Enjoy:
ALB API-Gateway AWS-Modern-App-Series AWS-Summit Alexa Analytics Andy-Jassy App-Mesh AppMesh AppSync Architecture Architrecture Athena Aurora AutoScale Backup Big-Data Blockchain CNCF Chaos Cloud-Computing Cognito Complexity Comprehend Compute Computing Config Containers Customer-Support DFS Data-Exchange Data-Lake DataSync Databases Deep-Learning DevOps Disaster-Recovery Distributed Diversity Docker DocumentDB DotNet Doug-Yeum DynamoDB EC2 ECS EFS EKS ELB EMR EUC ElastiCache Elastic-Beanstalk Elastic-Container-Service Elastic-File-System Elastic-Map-Reduce Elastic-Search Enterprise Envoy FSx FTP FTPS Fargate FedRAMP Flask Forecast GSaaS Graph GraphQL Graviton GroundTruth GuardDuty HIPAA Helm How-to Icons Infrastructure IoT K8s KMS Key-Management-Service Keynote Kinesis-Data-Streams KubeCon Kubernetes Lake-Formation Lambda Ledger-Database Lightsail Lustre MFA ML Machine-Learning Macie Marketing MemoryDB Message-Bus Messaging Microservices Migration MongoDB NATs NFS NLP Neptune Networking Nginx Nitro NoSQL OCR ObjectStorage OpenEnclave OpenTelemetry Outposts PCI POSIX PeriodicTable Personalize Peter-DeSantis Pinpoint PrivateLink PubSub Public-Sector Purpose-Built QLDB Queues QuickSight RDS Recommendations Redis Rekognition Relational-Database-Service Repository S3 SFTP SMB SNS SQS SaaS SageMaker Security Serverless Shield Simple-Notification-Service Simple-Queue-Service SnowBall SnowCone SnowMobile SpeechToText Startups Step-Functions Storage Storage-Gateway Streaming Swami-Sivasubramanian Teresa-Carlson Textract Time-Series Timestream Transcribe Transit-Gateway VPC VPS WAF Web-Application-Firewall Well-Architected-Framework Werner-Vogels Windows WorkLink YAML reInvent