Introduction and Background
In modern cloud architectures, building scalable, stateless web applications requires decoupled storage solutions. By default, Amazon Elastic Compute Cloud (EC2) instances use Amazon Elastic Block Store (EBS) for storage. While EBS is highly performant, it is block storage designed for single-instance attachment. If you deploy a fleet of auto-scaling EC2 instances behind an Application Load Balancer (ALB), they cannot share a standard EBS volume. To address this limitation, AWS provides Amazon Elastic File System (EFS), which allows multiple EC2 instances to read and write to the same file system concurrently.
Amazon EFS is a serverless, fully managed, NFSv4-compliant file system designed to scale storage capacity automatically up to petabytes without manual provisioning. However, integrating Amazon EFS with EC2 instances requires proper configuration of Amazon Virtual Private Cloud (VPC) subnets, security group permissions, AWS Identity and Access Management (IAM) roles, and NFS client mounting utilities. This guide provides a step-by-step walkthrough to set up Amazon EFS and mount it on Ubuntu 22.04 EC2 instances across both public and private subnets.
Key Takeaways
- Concurrent File Access: Amazon EFS enables thousands of EC2 instances to access the same storage volume simultaneously, making it ideal for stateless application tiers.
- Managed Scalability: EFS is serverless and automatically scales storage capacity and I/O performance up or down, eliminating manual partition resizing.
- Security Group Alignment: Successful mounting requires an EFS security group that allows inbound traffic on port 2049 (NFS) exclusively from the EC2 security group.
- Persistent Mounts: Mount EFS volumes on Linux instances using the NFS client utility and persist them across system reboots by updating the `/etc/fstab` configuration file.
Amazon EFS vs. Amazon EBS
To design an efficient storage layer on AWS, it is important to understand the differences between Amazon EFS and Amazon EBS:
- Amazon EBS (Elastic Block Store): Provides block-level storage. It is attached to a single EC2 instance at a time and is optimized for low-latency database backends.
- Amazon EFS (Elastic File System): Provides file-level storage. It can be mounted on thousands of instances concurrently, making it suitable for content management systems, shared developer workspaces, and media processing pipelines.
Step-by-Step EFS-EC2 Integration Guide
Follow these steps to configure and mount Amazon EFS on your Ubuntu 22.04 EC2 instances:
Step 1: Configure Security Groups
EFS access relies on security group rules. You must configure two security groups:
- EC2 Security Group: Allows SSH access (Port 22) for administration.
- EFS Security Group: Allows inbound TCP traffic on Port 2049 (NFS) from the EC2 Security Group. This ensures that only instances attached to the EC2 Security Group can connect to the storage volume.
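The Step 1 rule can be verified once the groups exist. The following Python audit is an added example, not code from the original guide: it reads JSON in the shape of `aws ec2 describe-security-groups` output and reports any EFS security group rule that admits NFS from anything other than the EC2 security group. The sample data and all group IDs in it are constructed placeholders.

```python
NFS_PORT = 2049

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# All group IDs are placeholders, not real resources.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-efs-strict", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-ec2"}]}]},
    {"GroupId": "sg-EXAMPLE-efs-loose", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-other"}]}]},
]}

def covers_nfs(perm):
    """True if an inbound rule admits TCP 2049 (protocol "-1" means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)

def audit_efs_group(group, ec2_sg_id):
    """Return findings for one EFS group; an empty list means it matches Step 1."""
    findings, allowed_seen = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_nfs(perm):
            continue
        if (perm.get("FromPort"), perm.get("ToPort")) != (NFS_PORT, NFS_PORT):
            findings.append("rule is wider than tcp/2049")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        findings += [f"NFS reachable from address range {s}" for s in sources]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == ec2_sg_id:
                allowed_seen = True
            else:
                findings.append(f"NFS reachable from unexpected group {pair['GroupId']}")
    if not allowed_seen:
        findings.append("no NFS rule references the EC2 security group")
    return findings

def audit(doc, efs_sg_ids, ec2_sg_id):
    """Map each listed EFS security group ID to its findings."""
    return {g["GroupId"]: audit_efs_group(g, ec2_sg_id)
            for g in doc["SecurityGroups"] if g["GroupId"] in efs_sg_ids}

if __name__ == "__main__":
    ids = {"sg-EXAMPLE-efs-strict", "sg-EXAMPLE-efs-loose"}
    for gid, found in audit(SAMPLE, ids, "sg-EXAMPLE-ec2").items():
        print(gid, "OK" if not found else found)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-security-groups` and pass your own group IDs.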
Step 2: Create the Amazon EFS File System
Navigate to the Amazon EFS console and click Create File System. Select your target VPC. Under network settings, AWS will generate mount targets for each Availability Zone. Assign the EFS Security Group created in Step 1 to these mount targets to allow network access from your EC2 instances.
Step 3: Launch EC2 Instances (Ubuntu 22.04)
Launch one or more EC2 instances using the Ubuntu Server 22.04 LTS AMI. Ensure they are placed in the same VPC as your EFS file system. Under security settings, attach the EC2 Security Group configured in Step 1.
Step 4: Install NFS Utilities and Mount EFS
SSH into your EC2 instance and install the required NFS client utility:
sudo apt update && sudo apt install nfs-common -y
Create a mount directory:
sudo mkdir -p /mnt/efs
Mount the file system using the NFS client command (replace EFS_DNS_NAME with your file system's DNS name):
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/ /mnt/efs
Step 5: Persist Mount Across Reboots
To ensure the EFS volume remounts automatically after a system reboot, edit the `/etc/fstab` file:
sudo nano /etc/fstab
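Add the following line to the end of the file. It carries the same mount options as the command in Step 4, plus `_netdev` so the mount waits for the network:
EFS_DNS_NAME:/ /mnt/efs nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0
Save and close the file. Test the configuration by unmounting the volume and then mounting every file system listed in `/etc/fstab`: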
sudo umount /mnt/efs && sudo mount -a
Verify EFS is mounted by running `df -h`.
Public vs. Private Subnet Mounting Details
The table below summarizes network configurations required when mounting EFS on EC2 instances across public and private subnets:
| Aspect | Public Subnet Instance | Private Subnet Instance |
|---|---|---|
| Direct Access | Direct SSH over the internet. | Requires a Bastion Host or AWS Session Manager. |
| Internet Outbound | Uses an Internet Gateway. | Requires a NAT Gateway. |
| EFS Mount Target Location | Any subnet in the VPC. | Must be in the same private subnet as the instance. |
| Security Policy | Standard port blocking. | Highly secure (no public IP, isolated traffic). |
Real-World Example: Shared Jenkins Home
A common enterprise use case is sharing Jenkins data. Jenkins uses a single home directory (`/var/lib/jenkins`) to store configuration, build jobs, credentials, and logs. By mounting Amazon EFS at `/var/lib/jenkins`, multiple Jenkins primary and agent nodes can run concurrently. If a Jenkins primary instance fails, a new instance can be spun up in another Availability Zone, mount the same EFS volume, and resume builds without data loss.
Conclusion
Integrating Amazon EC2 with Amazon EFS provides a scalable, shared storage solution for containerized applications, web server fleets, and MLOps pipelines. By configuring security groups to allow NFS traffic on port 2049, setting up VPC mount targets, and mounting EFS with client tools, you build a resilient, shared file system. Decoupling compute from storage is a core design pattern for highly available cloud architectures.
About Dev Knowledge
Dev Knowledge is a premier global cloud consulting partner. As an AWS Premier Tier Partner and Microsoft Solutions Partner, we assist enterprises globally in building modern data platforms, securing database instances, and executing seamless migrations.
Frequently Asked Questions
Can I mount an EFS volume on on-premises servers?
Yes. You can mount Amazon EFS on on-premises servers by establishing an AWS Direct Connect connection or an AWS Site-to-Site VPN link between your local data center and target VPC.
How does EFS billing work?
EFS bills based on storage consumed per month. It offers different storage classes, including EFS Standard and EFS Infrequent Access (IA). Using Lifecycle Management, you can automatically transition files to IA to reduce costs by up to 92%.
What is the maximum throughput of Amazon EFS?
Amazon EFS can scale to support over 10 GB/s of throughput and up to 500,000 IOPS. Developers can choose between Elastic throughput (automatic scaling) and Provisioned throughput modes.