# Using Network File System to mount EFS file systems Using NFS Following, learn how to install the Network File System (NFS) client and how to mount your Amazon EFS file system on an Amazon EC2 instance. You also can find an explanation of the `mount` command and the available options for specifying your file system's Domain Name System (DNS) name in the `mount` command. In addition, you can find how to use the file `fstab` to automatically remount your file system after any system restarts. **Note** In this section, you can learn how to mount your Amazon EFS file system without the amazon-efs-utils package. To use encryption of data in transit with your file system, you must mount your file system with Transport Layer Security (TLS). To do so, we recommend using the amazon-efs-utils package. For more information, see [Installing the Amazon EFS client](using-amazon-efs-utils.md). **Topics** + [ ## Prerequisites ](#reqs-mount-nfs) + [ ## NFS support ](#mounting-fs-nfs-info) + [ # Installing the NFS client ](mounting-fs-install-nfsclient.md) + [ # Recommended NFS mount settings ](mounting-fs-nfs-mount-settings.md) + [ # Mounting on Amazon EC2 with a DNS name ](mounting-fs-mount-cmd-dns-name.md) + [ # Mounting with an IP address ](mounting-fs-mount-cmd-ip-addr.md) ## Prerequisites Before you can mount a file system, make sure you meet the following requirements: + Create, configure, and launch your related AWS resources. For instructions, see [Getting started with Amazon EFS](getting-started.md). + Create VPC security groups for your Amazon EC2 instances and mount targets with the required inbound and outbound access. For more information, see [Using VPC security groups](network-access.md). ## NFS support Amazon EFS supports the Network File System versions 4.0 and 4.1 (NFSv4) protocols when mounting your file systems on Amazon EC2 instances. Although NFSv4.0 is supported, we recommend that you use NFSv4.1. Mounting your Amazon EFS file system on your Amazon EC2 instance also requires an NFS client that supports your chosen NFSv4 protocol. Amazon EC2 Mac instances running macOS Big Sur only support NFS v4.0. Amazon EFS does not support the `nconnect` mount option. **Note** For Linux kernel versions 5.4.\$1, the Linux NFS client uses a default `read_ahead_kb` value of 128 KB. We recommend increasing this value to 15 MB. For more information, see [Optimizing the NFS read\$1ahead\$1kb size](performance-tips.md#efs-perf-optimize-nfs-read-ahead). For optimal performance and to avoid a variety of known NFS client bugs, we recommend working with a recent Linux kernel. If you are using an enterprise Linux distribution, we recommend the following: + Amazon Linux 2 + Amazon Linux 2017.09 or newer + Red Hat Enterprise Linux (and derivatives such as CentOS) version 8 and newer + Ubuntu 16.04 LTS and newer + SLES 12 Sp2 or later If you are using another distribution or a custom kernel, we recommend kernel version 4.3 or newer. To troubleshoot issues related to certain AMI or kernel versions when using Amazon EFS from an EC2 instance, see [Troubleshooting AMI and kernel issues](troubleshooting-efs-ami-kernel.md). **Note** Mounting EFS file systems with Amazon EC2 instances running Microsoft Windows is not supported. # Installing the NFS client Installing the NFS client To mount your EFS file system on your Amazon EC2 instance, first you need to install an NFS client. To connect to your EC2 instance and install an NFS client, you need the public DNS name of the EC2 instance and a user name to log in. That user name for your instance is typically `ec2-user`. **To connect your EC2 instance and install the NFS client** 1. Connect to your EC2 instance. For more information, see [Connect to your EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect.html) in the *Amazon EC2 User Guide*. The key file cannot be publicly viewable for SSH. You can use the **chmod 400 *filename*.pem** command to set these permissions. For more information, see [ Create a key pair for your Amazon EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html). 1. (Optional) Get updates and reboot. ``` $ sudo yum -y update $ sudo reboot ``` 1. After the reboot, reconnect to your EC2 instance. 1. Install the NFS client. If you're using an Amazon Linux AMI or Red Hat Linux AMI, install the NFS client with the following command. ``` $ sudo yum -y install nfs-utils ``` If you're using an Ubuntu Amazon EC2 AMI, install the NFS client with the following command. ``` $ sudo apt-get -y install nfs-common ``` 1. Start the NFS service using the following command: ``` $ sudo service nfs-server start ``` 1. Verify that the NFS service started, as follows. ``` $ sudo service nfs-server status Redirecting to /bin/systemctl status nfs.service ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled) Active: active (exited) since Wed 2019-10-30 16:13:44 UTC; 5s ago Process: 29446 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS) Process: 29441 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS) Process: 29439 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Main PID: 29446 (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-server.service ``` If you use a custom kernel (that is, if you build a custom AMI), you need to include at a minimum the NFSv4.1 client kernel module and the right NFS4 userspace mount helper. **Note** If you choose **Amazon Linux AMI 2016.03.0** or **Amazon Linux AMI 2016.09.0** when launching your Amazon EC2 instance, you don't need to install `nfs-utils` because it's already included in the AMI by default. **Next: Mount your file system** Use one of the following procedures to mount your file system. + [Mounting on Amazon EC2 with a DNS name](mounting-fs-mount-cmd-dns-name.md) + [Mounting with an IP address](mounting-fs-mount-cmd-ip-addr.md) + [Automatically mounting EFS file systemsEnabling automatic mounting on EC2 Linux or Mac instances using NFS](nfs-automount-efs.md) # Recommended NFS mount settings Recommended NFS mount settings We recommend the following values for mount options on Linux: + `noresvport` – Tells the NFS client to use a new non-privileged Transmission Control Protocol (TCP) source port when a network connection is reestablished. NFS client software included in older versions of the Linux kernel (versions v5.4 and below) include a behavior that causes NFS clients to, upon disconnection, attempt reconnecting on the same TCP source port. This behavior does not comply with the TCP RFC, and can prevent these clients from quickly re-establishing connections to an EFS file system. Using `noresvport` option helps to ensure that NFS clients reconnect transparently to your EFS file system, maintaining uninterrupted availability when reconnecting after a network recovery event. **Important** We strongly recommend using the `noresvport` mounting option to help ensure that your EFS file system has uninterrupted availability after a reconnection or network recovery event. Consider using the [EFS mount helper](mounting-fs.md) to mount your file systems. The EFS mount helper uses NFS mount options optimized for Amazon EFS file systems. + `rsize=1048576` – Sets the maximum number of bytes of data that the NFS client can receive for each network READ request. This value applies when reading data from a file on an EFS file system. We recommend that you use the largest size possible (up to `1048576`) to avoid diminished performance. + `wsize=1048576` – Sets the maximum number of bytes of data that the NFS client can send for each network WRITE request. This value applies when writing data to a file on an EFS file system. We recommend that you use the largest size possible (up to `1048576`) to avoid diminished performance. + `hard` – Sets the recovery behavior of the NFS client after an NFS request times out, so that NFS requests are retried indefinitely until the server replies. We recommend that you use the hard mount option (`hard`) to ensure data integrity. If you use a `soft` mount, set the `timeo` parameter to at least `150` deciseconds (15 seconds). Doing so helps minimize the risk of data corruption that is inherent with soft mounts. + `timeo=600` – Sets the timeout value that the NFS client uses to wait for a response before it retries an NFS request to 600 deciseconds (60 seconds). If you must change the timeout parameter (`timeo`), we recommend that you use a value of at least `150`, which is equivalent to 15 seconds. Doing so helps avoid diminished performance. + `retrans=2` – Sets to 2 the number of times the NFS client retries a request before it attempts further recovery action. + `_netdev` – When present in `/etc/fstab`, prevents the client from attempting to mount the EFS file system until the network has been enabled. + `nofail` – If your EC2 instance needs to start regardless of the status of your mounted EFS file system, add the `nofail` option to your file system's entry in your `/etc/fstab` file. If you don't use the preceding defaults, be aware of the following: + In general, avoid setting any other mount options that are different from the defaults, which can cause reduced performance and other issues. For example, changing read or write buffer sizes or disabling attribute caching can result in reduced performance. + Amazon EFS ignores source ports. If you change Amazon EFS source ports, it doesn't have any effect. + Amazon EFS does not support the `nconnect` mount option. + Amazon EFS doesn't support any of the Kerberos security variants. For example, the following mount command fails. ``` $ mount -t nfs4 -o krb5p :/ /efs/ ``` + We recommend that you mount your file system using its DNS name. This name resolves to the IP address of the Amazon EFS mount target in the same Availability Zone as your Amazon EC2 instance. If you use a mount target in an Availability Zone different from that of your Amazon EC2 instance, you incur standard EC2 charges for data sent across Availability Zones. You also might see increased latencies for file system operations. + For more mount options, and detailed explanations of the defaults, see the Linux documentation. # Mounting on Amazon EC2 with a DNS name Mounting on EC2 with DNS **Note** Prior to mounting your file system, you need to add a rule to the mount target security group that allows inbound NFS access on port 2049 from the EC2 security group. For more information, see [Using VPC security groups](network-access.md). + **File system DNS name** – Using the file system's DNS name is your simplest mounting option. The file system DNS name automatically resolves to the mount target’s IP address in the Availability Zone of the connecting Amazon EC2 instance. You can get the DNS name from the console, or if you have the file system ID, you can construct it using the following convention. ``` file-system-id.efs.aws-region.amazonaws.com ``` **Note** DNS resolution for file system DNS names requires that the Amazon EFS file system has a mount target in the same Availability Zone as the client instance. + Using the file system DNS name, you can mount a file system on your Amazon EC2 Linux instance with the following command. ``` sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport file-system-id.efs.aws-region.amazonaws.com:/ /efs-mount-point ``` + Using the file system DNS name, you can mount a file system on your Amazon EC2 Mac instance running a supported macOS version (Big Sur, Monterey, Ventura) with the following command. ``` sudo mount -t nfs -o nfsvers=4.0,rsize=65536,wsize=65536,hard,timeo=600,retrans=2,noresvport,mountport=2049 file-system-id.efs.aws-region.amazonaws.com:/ /efs ``` **Important** You must use `mountport=2049` in order to successfully connect to the EFS file system when mounting on EC2 Mac instances running support macOS versions. + **Mount target DNS name** – In December 2016, we introduced file system DNS names. We continue to provide a DNS name for each Availability Zone mount target for backward compatibility. The generic form of a mount target DNS name is as follows. ``` availability-zone.file-system-id.efs.aws-region.amazonaws.com ``` **Note** Mount target DNS name resolution across Availability Zones is supported. In some cases, you might delete a mount target and then create a new one in the same Availability Zone. In such a case, the DNS name for that new mount target in that Availability Zone is the same as the DNS name for the old mount target. You can view and copy the exact commands to mount your file system in the **Attach** dialog box. **To view the mount commands for your file system** 1. In the Amazon EFS console, choose the file system that you want to mount to display its details page. 1. To display the mount commands to use for this file system, choose **Attach** in the upper right. The **Attach** screen displays the exact commands to use for mounting the file system. 1. The default **Mount via DNS** view displays the command to mount the file system using the file system's DNS name when mounting with the EFS mount helper or an NFS client. For a list of AWS Regions that support Amazon EFS, see [Amazon Elastic File System ](https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticfilesystem-region) in the AWS General Reference. To be able to use a DNS name in the `mount` command, the following must be true: + The connecting EC2 instance must be inside a VPC and must be configured to use the DNS server provided by Amazon. For information about Amazon DNS server, see [DHCP option sets in Amazon VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) in the *Amazon VPC User Guide*. + The VPC of the connecting EC2 instance must have both **DNS Resolution** and **DNS Hostnames** enabled. For more information, see [ DNS attributes for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-viewing) in the *Amazon VPC User Guide*. + The connecting EC2 instance must be inside the same VPC as the EFS file system. For more information on accessing and mounting a file system from another location or from a different VPC, see [Prerequisites](mounting-fs-mount-helper-direct.md#efs-onpremises) and [Tutorial: Mount a file system from a different VPC](efs-different-vpc.md). **Note** We recommend that you wait 90 seconds after creating a mount target before you mount your file system. This wait lets the DNS records propagate fully in the AWS Region where the file system is. # Mounting with an IP address Mounting with an IP address As an alternative to mounting your Amazon EFS file system with the DNS name, Amazon EC2 instances can mount a file system using a mount target’s IP address. Mounting by IP address works in environments where DNS is disabled, such as VPCs with DNS hostnames disabled. You can also configure mounting a file system using the mount target IP address as a fallback option for applications configured to mount the file system using its DNS name by default. When connecting to a mount target IP address, EC2 instances should mount using the mount target IP address in the same Availability Zone as the connecting instance. You can view and copy the exact commands to mount your file system in the **Attach** dialog box. **Note** Prior to mounting your file system, you need to add a rule for the mount target security group to allow inbound NFS access on port 2049 from the EC2 security group. For more information, see [Using VPC security groups](network-access.md). **To view and copy the exact commands to mount your EFS file system using the mount target IP address** 1. Open the Amazon Elastic File System console at [https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/). 1. In the Amazon EFS console, choose the file system that you want to mount to display its details page. 1. To display the mount commands to use for this file system, choose **Attach** in the upper right. 1. The **Attach** screen displays the exact commands to use for mounting the file system. Choose **Mount via IP** to display the command to mount the file system using the mount target IP address in the selected Availability Zone with an NFS client. + Using the IP address of a mount target in the `mount` command, you can mount a file system on your Amazon EC2 Linux instance with the following command. ``` sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport mount-target-IP:/ /efs ``` + Using the IP address of a mount target in the `mount` command, you can mount a file system on your Amazon EC2 Mac instance running macOS Big Sur with the following command. ``` sudo mount -t nfs -o nfsvers=4.0,rsize=65536,wsize=65536,hard,timeo=600,retrans=2,noresvport,mountport=2049 mount-target-IP:/ /efs ``` **Important** You must use `mountport=2049` in order to successfully connect to the EFS file system when mounting on EC2 Mac instances running macOS Big Sur. ## Mounting with an IP address in AWS CloudFormation You can also mount your file system using an IP address in an CloudFormation template. For more information, see [storage-efs-mountfilesystem-ip-addr.config](https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/configuration-files/community-provided/instance-configuration/storage-efs-mountfilesystem-ip-addr.config) in the **awsdocs/elastic-beanstalk-samples** repository for community-provided configuration files on GitHub.