Walkthrough: Create an Amazon EFS file system and mount it on an Amazon EC2 instance using the Amazon CLI - Amazon Elastic File System
Before you beginSetting up the Amazon CLI
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Walkthrough: Create an Amazon EFS file system and mount it on an Amazon EC2 instance using the Amazon CLI

This walkthrough uses the Amazon CLI to explore the Amazon EFS API. In this walkthrough, you create an encrypted Amazon EFS file system, mount it on an Amazon EC2 instance in your VPC, and test the setup.

Note

This walkthrough is similar to the Getting Started exercise. In the Getting started exercise, you use the console to create EC2 and Amazon EFS resources. In this walkthrough, you use the Amazon CLI to do the same—primarily to familiarize yourself with the Amazon EFS API.

In this walkthrough, you create the following Amazon resources in your account:

  • Amazon EC2 resources:

    • Two security groups (for your EC2 instance and Amazon EFS file system).

      You add rules to these security groups to authorize appropriate inbound/outbound access. Doing this allows your EC2 instance to connect to the file system through the mount target by using a standard NFSv4.1 TCP port.

    • An Amazon EC2 instance in your VPC.

  • Amazon EFS resources:

    • A file system.

    • A mount target for your file system.

      To mount your file system on an EC2 instance you need to create a mount target in your VPC. You can create one mount target in each of the Availability Zones in your VPC. For more information, see How Amazon EFS works.

Then, you test the file system on your EC2 instance. The cleanup step at the end of the walkthrough provides information for you to remove these resources.

The walkthrough creates all these resources in the US West (Oregon) Region (us-west-2). Whichever Amazon Web Services Region you use, be sure to use it consistently. All of your resources—your VPC, EC2 resources, and Amazon EFS resources—must be in the same Amazon Web Services Region.

Before you begin

  • You can use the root credentials of your Amazon Web Services account to sign in to the console and try the Getting Started exercise. However, Amazon Identity and Access Management (IAM) recommends that you do not use the root credentials of your Amazon Web Services account. Instead, create an administrator user in your account and use those credentials to manage resources in your account. For more information, see Setting up for Amazon EFS.

  • You can use a default VPC or a custom VPC that you have created in your account. For this walkthrough, the default VPC configuration works. However, if you use a custom VPC, verify the following:

    • DNS hostnames are enabled. For more information, see Updating DNS support for your VPC in the Amazon VPC User Guide.

    • The Internet gateway is attached to your VPC. For more information, see Internet Gateways in the Amazon VPC User Guide.

    • The VPC subnets are configured to request public IP addresses for instances launched in the VPC subnets. For more information, see IP Addressing in Your VPC in the Amazon VPC User Guide.

    • The VPC route table includes a rule to send all Internet-bound traffic to the Internet gateway.

  • You need to set up the Amazon CLI and add the adminuser profile.

Setting up the Amazon CLI

Use the following instructions to set up the Amazon CLI and user profile.

To set up the Amazon CLI

  1. Download and configure the Amazon CLI. For instructions, see the following topics in the Amazon Command Line Interface User Guide.

    Getting Set Up with the Amazon Command Line Interface

    Installing the Amazon Command Line Interface

    Configuring the Amazon Command Line Interface

  2. Set profiles.

    You store user credentials in the Amazon CLI config file. The example CLI commands in this walkthrough specify the adminuser profile. Create the adminuser profile in the config file. You can also set the administrator user profile as the default in the config file as shown. 

    [profile adminuser]
aws_access_key_id = admin user access key ID
aws_secret_access_key = admin user secret access key
region = us-west-2

[default]
aws_access_key_id = admin user access key ID
aws_secret_access_key = admin user secret access key
region = us-west-2

    The preceding profile also sets the default Amazon Web Services Region. If you don't specify a region in the CLI command, the us-west-2 region is assumed.

  3. Verify the setup by entering the following command at the command prompt. Both of these commands don't provide credentials explicitly, so the credentials of the default profile are used.

    • Try the help command

      You can also specify the user profile explicitly by adding the --profile parameter.

      aws help
      aws help \
--profile adminuser
Next step

Step 1: Create Amazon EC2 resources