2016-07-15, 02:37   #5
GP2
Create a new security group for mounting EFS

This part will need to be done separately for each AWS region that you use (but for now let's just do one region).

In this section, you will set the permissions that will allow your instances to access the EFS filesystem.

Presumably you are still in the Security Groups page after the previous step. If not, go to the EC2 console at, then click on the "Security Groups" link in the left-hand-side menu.

Make sure you are in the AWS region you intended to be in, and change it if necessary. The region name is indicated at the top right part of the page. Make sure it is a region where EFS is available.

First, make note of the security group ID of the "default" security group. It is of the form sg-xxxxxxxx, where each "x" is a hexadecimal digit. You will need this below.

Click on the blue "Create Security Group" button.

For "Security group name", choose something like efs-mount-target or whatever you like.

For "Description", fill in something like "Security group for EFS mount targets", or whatever you like.

For "VPC", keep it at the default value (this is the VPC you will use when you run all your instances).

For "Security group rules", make sure the "Inbound" tab is selected, then click on the Add Rule button.

Select "NFS" for the "Type" heading, which will automatically change "Port Range" to 2049, and select "Custom" for the "Source" heading, then fill in the text input box with the security group ID (of the form sg-xxxxxxxx, where each "x" is a hexadecimal digit) of the "default" security group.

   Type     Protocol   Port Range         Source
   NFS      TCP        2049               Custom   ___________

Fill in the ___________ with the "sg-" value as described above.

Click on the blue "Create" button.

This creates the efs-mount-target security group (or whatever you named it). It will also have a security group ID of the form sg-xxxxxxxx, but this will be different from the ID of the "default" security group.

Write down or copy the security group ID sg-xxxxxxxx of this newly created security group. You will need it later.

Next section: Make sure that you have a key pair for ssh logins

Last fiddled with by GP2 on 2016-07-26 at 19:21
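A way to check the result of the steps above, as an added example that is not part of GP2's post: it audits one security group record and reports anything that lets NFS (TCP 2049) in from a source other than the "default" group's ID. It assumes the record has the shape of a `SecurityGroups` entry returned by EC2 DescribeSecurityGroups; the function names and the sample IDs are constructed for illustration, and the ID pattern also accepts the longer 17-digit form, which goes beyond the 8-digit form the post describes.

```python
import re

NFS_PORT = 2049
# Security group IDs: "sg-" plus 8 hex digits (as in the post) or 17 (longer form).
SG_ID = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def covers_nfs(perm):
    """True if this inbound permission lets TCP traffic reach port 2049."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def audit_mount_target_group(group, instance_sg_id):
    """Return a list of findings; an empty list means only the intended rule exists."""
    if not SG_ID.match(instance_sg_id):
        raise ValueError("not a security group ID: %r" % instance_sg_id)
    findings, allowed = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_nfs(perm):
            continue
        exact = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        if exact != ("tcp", NFS_PORT, NFS_PORT):
            findings.append("rule is wider than TCP 2049")
        for rng in perm.get("IpRanges", []):
            findings.append("NFS open to CIDR %s" % rng["CidrIp"])
        for rng in perm.get("Ipv6Ranges", []):
            findings.append("NFS open to CIDR %s" % rng["CidrIpv6"])
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == instance_sg_id:
                allowed = True
            else:
                findings.append("NFS open to unexpected group %s" % pair.get("GroupId"))
    if not allowed:
        findings.append("no NFS rule for %s" % instance_sg_id)
    return findings


# Constructed sample records; the IDs are placeholders, not real groups.
DEFAULT_SG = "sg-0123abcd"
GOOD = {"GroupName": "efs-mount-target", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "UserIdGroupPairs": [{"GroupId": DEFAULT_SG}]}]}
BAD = {"GroupName": "efs-mount-target", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
```
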