Create and mount an EFS file system using Amazon EC2 Launch Wizard

Carl Hayes
8 min readJun 2, 2021


Amazon EFS


During this tutorial, I will show how you can mount an Amazon Elastic File System (EFS) to an Amazon Elastic Compute(EC2) instance. When using the launch wizard we are presented with all of the necessary specifications required to launch an instance. Typically the launch wizard provides a set of default values, but you have the ability to accept or modify those values to what serves your purpose.

Starting off, I believe its important to introduce a few terms that you may see frequently in this lab, as well as others.

What is EC2?

Amazon Elastic Compute Cloud (EC2) is a web service that promotes secure resizable compute capacity in the cloud. It promotes ease of use with its friendly interface and allows owners complete control of launched computing resources while running on Amazon’s computing environment.

What is EFS?

Amazon Elastic File System (EFS) is a simple, serverless elastic file system that allows you to share file data without the need to provision or manage storage. EFS has the ability to be used with on-premise resources and AWS Cloud services, which promotes its flexibility and is built to scale on demand to petabytes without disrupting applications.
Click here for more info.

Other Vocabulary

AWS Regions: Regions are physical locations around the world where AWS clusters data centers.

Availability Zones (AZs): An availability zone (AZ) is one or more discrete data centers with redundant power , networking and connectivity in an AWS Region.
Security Groups (SGs): A security group or SG acts as a virtual firewall around your instance to control inbound/outbound traffic. For each security group created, you add rules that dictate whether traffic from a specific port will be allowed.
Amazon Machine Image (AMI): The AMI provides the information necessary to launch an instance. It’s mandatory to specify an AMI when attempting to launch an instance. It typically includes:

1.One or more Amazon Elastic Block Store (EBS) snapshots, or for instance-store-backed AMIs, a template for the root volume of the instance (i.e. Operating system)
2. Launch permissions that control which AWS accounts can use the AMI to launch instances
3. A block device mapping that specifies the volumes to attach to the instance when it’s launched.

Key Pair: A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance. Amazon EC2 stores the public key, and you store the private key. You use the private key, instead of a password, to securely access your instances.

Create the Security Groups

We will create two security groups (SGs) — one will be attached to the EC2 instance and the other will be associated with the Amazon EFS File System.

Open the Amazon VPC dashboard. Choose the Region drop-down and select the AWS Region where you want to create the Amazon EFS file system and launch your Amazon EC2 instance. We will be using the N.Virgina (us-east-1) region.

VPC Dashboard

On the left navigation pane, select security groups. There will already be a default security group present. Created the following two additional security groups in the default VPC. For detailed steps, see Create a Security Group

Security Groups
  • EC2-sg: This security group will be attached to the EC2 instance and it allows only SSH connection inbound to the EC2 instance and any outbound connectivity.
  • EFS-sg: This security group will be attached to the EFS file system and allows only TCP connection on port 2409 from the EC2 instance and any outbound connectivity.

Select the EC2-sg security group and choose the Inbound Rules tab. Verify that the Type is SSH. Then, choose the Outbound Rules tab and verify that the Type is All traffic.

selecting ec2-sg
SSH inbound rule set for ec2
SSH outbound rule set for ec2

Select the EFS-sg security group and choose the Inbound Rules tab. Verify that the Source is security group EC2-sg. Then, choose the Outbound Rules tab and verify that the Type is All traffic.

Selecting EFS-sg
inbound rules for EFS-sg
outbound rules for EFS-sg

Create the EFS File System

Navigate to Amazon EFS in the AWS management console. Next, select create file system once the EFS screen populates.

When attempting to create a file system in the consoles new view, you will be presented with a easy configurable screen that will automatically choose the VPC and set availability as regional. However, I want to make some subtle changes, so instead of selecting create — I am going to choose customize.

File System Settings
We are going to ensure that our availability settings are still configured to be regional. I disabled automatic backups because I am leveraging a cloud sandbox from A Cloud Guru, so that is not necessary. Lifecycle management will be kept to 30 days since last access. This policy will simply move our files from standard to infrequent access if the files aren’t access within 30 days. We will keep our performance mode and throughput modes set to default which are general purpose and bursting.

File System Settings

Network Access
Automatically, the default VPC will be selected. Please ensure that under the mount target field that all of the accompanied AZs have the proper security group attached (EFS-sg). Select Next. Skip the File System policy (as it’s not a mandatory field needed). Review your configurations for the EFS created and select create.

Network Settings

Launch the EC2 Instance and mount the file system

We are planning to use the launch wizard to launch an ec2 instance and mount the files system to that newly created instance. Prior to connecting to an ec2 instance, you need to create a key pair.

Navigate to the ec2 console and choose launch instance.

On the choose AMI page, select the Linux 2 AMI (free-tier eligible)

For Instance type, select t2.micro (free-tier eligible)

Under configure instance details, ensure the following:
- For network, the default VPC is selected
- Highlight no preference for subnet
- For file systems, select add file system and select the file system ID

Sidenote: After you select the file system ID, the User data field is automatically populated with a configuration script that automates all manual tasks, such as installing the file system client, installing the EFS mount helper (for Amazon Linux only), and updating the EC2 instance properties so that the file system mounts automatically upon instance reboot.

Keep all of the other settings marked as default and choose Next: Add Storage.

Keep the default settings on the Add Storage page and keep the default settings. Skip the Add Tags page, that is merely optional but a good practice to have when creating resources in AWS.

Under configure security groups, highlight Select an existing security group and choose the EC2-sg security group. Select review and launch, then proceed to launch the instance.

Create a key pair
In the Select an existing key pair or create a new key pair field, choose accordingly. If you currently have an existing key pair, you have the ability to attach it to this instance, however if you’re like me and doing this in a cloud sandbox, I don’t have an existing key pair. Which means I get the honor of creating a brand new one. Press the drop down and highlight Create a new key pair. Create the name of your keypair and download it.

After the keypair is downloaded, please store it in a safe place on your PC that you won’t forget. Then proceed to select Launch Instances.

If the steps were performed correctly, you will see your newly created ec2 instance in the Instances field and status should be running.

Check to ensure EFS File System is mounted

Navigate to the ec2 console and highlight the newly created instance. After highlighting, select the connect option.

We are going to select the ec2 instance connect option, which is a browser-based SSH connection. You can also simply SSH into the instance using terminal on mac/Linux or command prompt/PowerShell on Windows, but for the sake of simplicity we are going to leverage the ec2 instance connect.

Once inside of the instance via AWS CLI, type the following command

When running this command, we can see that the EFS File System is properly mounted at mnt/efs/1 which is the same path provided earlier when we attached our file system to the instance. If you’ve made it this far, congratulations! We’ve successfully mounted an EFS file system to our ec2 instance!

Cleaning Up

Please use the following steps provided below to properly clean up the resources you’ve created during this tutorial.

Sidenote: If you used a cloud sandbox like me, the only action you need to take is to close your incognito browser windows.

Terminating the ec2 Instance
Open the ec2 console, in the navigation pane — choose instances.

  • Select the instance created for this tutorial, choose actions, instance state, terminate.
  • Once more, select yes, Terminate when prompted for confirmation.

Delete the EFS File System
Open the EFS console and on the file systems page, select the file system created for this tutorial.

  • Choose delete and in the delete file system dialog box, enter the file system ID shown, and choose confirm to confirm the deletion.




Carl Hayes

An avid techie, hip-hop music enthusiast and photo taker. If it involves a terminal, there is a high chance you will find me in it.