安装时aws efs连接超时 [英] aws efs connection timeout at mount

问题描述

我正在遵循此教程来安装efs在AWS EC2实例上，但是当Iam执行mount命令

I am following this tutorial to mount efs on AWS EC2 instance but when Iam executing the mount command

sudo mount -t nfs4 -o vers=4.1 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).[EFS-ID].efs.[region].amazonaws.com:/ efs

每次都超时。

mount.nfs4: Connection timed out

这里可能是什么问题？

谢谢！

推荐答案

我发现此处接受的答案不正确&是不安全的，而Bao的答案非常接近-除非您不需要EC2（挂载目标）安全组上的NFS入站。您只需要将一个安全组分配给您的EC2（即使没有规则），以便您的EFS安全组可以被限制为该安全组...您知道，为了安全！我发现的方法如下：

I found the accepted answer here to be incorrect & insecure, and Bao's answer above is very close - except you don't need NFS Inbound on your EC2 (mount target) security group. You just need a security group assigned to your EC2 (even with no rules) so that your EFS Security group can be limited to that security group... you know, for security! Here's what I found works:

• 为您的EC2实例创建一个新的安全组。将其命名为 EFS Target ，并将所有规则保留为空


• 为EFS挂载创建新的安全组。将其命名为 EFS Mount ，然后在其中为NFS添加 inbound 规则。将此规则的源设置为您在上面创建的 EFS目标安全组。这将EFS限制为只能连接到分配了 EFS装载安全组的EC2实例（请参见下文）。如果您不担心，可以从Source下拉列表中选择 Any，它的工作原理相同，而无需增加安全级别


• 转到EC2控制台，并假设您要添加额外的安全性，将 EFS目标组添加到您的EC2实例


• 转到EFS控制台，选择您的EFS并选择管理文件系统访问
  
  
  
  
  • 对于每个EFS挂载目标（可用区域），您需要添加 EFS挂载安全组并删除 VPC默认组（如果尚未安装）
  
  
  • Create a new security group for your EC2 instance. Name it EFS Target, and leave all the rules blank
  • Create a new security group for your EFS Mount. Name it EFS Mount, and in this one add the inbound rule for NFS. Set the SOURCE for this rule to the EFS Target security group you created above. This limits EFS to only being able to connect to EC2 instances that have the EFS Mount security group assigned (See below). If you're not worried about that, you can select "Any" from the Source dropdown and it'll work just the same, without the added level of security
  • Go to the EC2 console, and add the EFS Target group to your EC2 instance, assuming you're adding the extra security
  • Go to the EFS Console, select your EFS and choose Manage File System Access
    • For each EFS Mount Target (availability zone), you need to add the EFS Mount security group and remove the VPC Default group (if you haven't already)

    我不喜欢他们在EC2作为挂载目标方面如何混用本地语言，但是EFS还为每个可用性区域都有单独的安装目标。使他们的文档非常混乱，但是按照上述步骤操作，使我可以在Ubuntu服务器上安全地安装EFS。

    I don't like how they mixed vernacular here in terms of EC2 being a mount-target, but also EFS has individual mount-targets for each availability zone. Makes their documentation very confusing, but following the steps above allowed me to mount an EFS securely on an Ubuntu server.

    这篇关于安装时aws efs连接超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！