Access the Amazon Elastic File System (EFS) from multiple VPC using VPC Peering

When there are different environments (development, quality, production) in AWS, and we separate them in many VPC's or AWS accounts, but need access to the same EFS (Elastic File System), we can apply a configuration with VPC Peering.

Definitions

Amazon Elastic File System (EFS)

Amazon Elastic File System (Amazon EFS) provides a simple, serverless, set-and-forget, elastic file system that lets you share file data without provisioning or managing storage. 1

VPC peering

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. 2

For example:

We have two VPC in the same region with EFS connection using VPC Peering.

Steps

1- Create VPC Peering: Here I share a guide with information and configuration of the VPC Peering. https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#create-vpc-peering-connection-local

For example, we create VPC Peering with the following network.

Name: VPC-A: 10.8.0.0/16
Name: VPC-B: 172.31.0.0/16

2- Later in the previous phase, we configure and create EFS. Here I share guide: https://docs.aws.amazon.com/efs/latest/ug/gs-step-two-create-efs-resources.html

For example: we create an EFS with ID fs-da19746e on VPC 10.8.0.0/16

3- Now, we set up our EFS in Ubuntu Linux instance the network 10.8.0.0/16

Before this, we create a directory /efs/shared, and we edit file /etc/fstab and add the following line:

fs-da19746e.efs.us-east-1.amazonaws.com:/ /efs-shared nfs4 defaults,_netdev 0 0

We check that it is set up EFS using the command: df -h

Now, we create a file with two lines.

And we repeat the previous step but, now with the instance in VPC 172.3.1.0.0/16 however, for a successful connection, we must make the last command’s.

4- Open a Cloud Shell in the Virginia region, then execute the following command:

aws efs describe-mount-targets --file-system-id fs-da19746e

Obtain the interface IP of the EFS and write the following command in the instance EC2 the VPC 172.31.0.0/16

echo "10.8.1.81 fs-da19746e.efs.us-east-1.amazonaws.com" | sudo tee -a /etc/hosts

Later, we execute the same process and create directory /efs-shared and add it, then set up the disk in /etc/fstab the instance EC2 with the following command: mount /efs/shared. Finally, we verify if there is a file with the name "test".

With these steps, now we have obtained EFS access in the different VPC no matter where EFS are configured.

Recommendations:

● Verify that the security group is attached to the EFS and available open port TCP:2049.

● VPC Peering has route tables that associate the connection with the EC2 instances.

● For this example, we use a network interface, the EFS, but you can use more interfaces in different subnets associated with the VPC.

● You can connect VPC Peering with different AWS accounts and other regions in the same account; however, it is important that the networks are not the same because VPC Peering doesn't accept the equal networks.