Changing mount target security groups
Security groups define inbound and outbound access. When you change security groups associated with a mount target, make sure that you authorize necessary inbound and outbound access. Doing so enables your EC2 instance to communicate with the file system. For more information about security groups, see Using VPC security groups.
You can add or remove security groups for a file system's mount target by using the Amazon Web Services Management Console, Amazon CLI, or programmatically by using the Amazon SDKs.
To modify security groups for mount targets
Use the following procedure to add or remove mount target security groups for an existing EFS file system.
1. Open the Amazon Elastic File System console at https://console.amazonaws.cn/efs/.
2. In the left navigation pane, choose File systems, and then select the file system for which you want to manage mount targets.
3. Choose Network and then choose Manage to display the mount targets for the file system.
4. To remove a security group from a mount target, choose X next to the security group ID.
5. To add a security group to a mount target, choose the security group from the Security groups list.
6. Choose Save.
To modify security groups that are in effect for a mount target, use the modify-mount-target-security-groups Amazon CLI command (the corresponding operation is ModifyMountTargetSecurityGroups) to replace any existing security groups, as follows.
$ aws efs modify-mount-target-security-groups \
    --mount-target-id mount-target-ID-whose-configuration-to-update \
    --security-groups security-group-ids-separated-by-space \
    --region aws-region-where-mount-target-exists \
    --profile adminuser
The following is an example with sample data.
$ aws efs modify-mount-target-security-groups \
    --mount-target-id fsmt-5751852e \
    --security-groups sg-1004395a sg-1114433a \
    --region us-east-2
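
Because the command replaces the whole list rather than appending to it, any group left out of --security-groups is detached from the mount target. The following script is an added example, not part of the original documentation: it reads the current groups with describe-mount-target-security-groups, computes the full replacement set, and only then applies it. The function names merge_sgs and update_mount_target_sgs and the refusal to apply an empty list are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): build the complete replacement
# list first, because modify-mount-target-security-groups replaces every
# group on the mount target instead of appending to the existing ones.

# merge_sgs CURRENT ADD REMOVE
# Prints CURRENT plus ADD, minus REMOVE, de-duplicated, in original order.
# Each argument is a whitespace-separated list of security group IDs.
merge_sgs() {
  local current="$1" add="$2" remove="$3" out="" sg
  for sg in $current $add; do
    case " $remove " in *" $sg "*) continue ;; esac  # requested for removal
    case " $out " in *" $sg "*) continue ;; esac     # already in the result
    out="${out:+$out }$sg"
  done
  printf '%s\n' "$out"
}

# update_mount_target_sgs MOUNT_TARGET_ID REGION ADD REMOVE
update_mount_target_sgs() {
  local mt="$1" region="$2" add="$3" remove="$4" current new
  # --output text returns the IDs tab-separated on one line.
  current=$(aws efs describe-mount-target-security-groups \
    --mount-target-id "$mt" --region "$region" \
    --query 'SecurityGroups' --output text) || return 1
  new=$(merge_sgs "$current" "$add" "$remove")
  # Guard chosen for this example: never submit an empty list.
  if [ -z "$new" ]; then
    echo "refusing to apply an empty security group list to $mt" >&2
    return 1
  fi
  # Log before and after so the change can be reviewed or rolled back.
  echo "current: $current" >&2
  echo "new:     $new" >&2
  # Word splitting is intended here: one argument per group ID.
  aws efs modify-mount-target-security-groups \
    --mount-target-id "$mt" --region "$region" --security-groups $new
}

# Usage with the page's sample mount target; sg-0aaa1111 is a constructed ID:
#   update_mount_target_sgs fsmt-5751852e us-east-2 "sg-0aaa1111" "sg-1004395a"
```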