Exercise: Create and mount an Amazon EFS file system

Natasha Ong
This is some text inside of a div block.
4 min read

Exercise overview:

In this hands-on exercise, you will:

  • Create a new file system
  • Mount* it to a new EC2 instance
  • Verify that the file system is mounted on the EC2 instance
  • Delete resources created in this tutorial.
*Mount = Make a file system accessible and available on a computer. For example, plugging in a USB drive to a computer is mounting, because it lets your computer read and write its files. In this exercise, you're mounting Amazon EFS to an EC2 instance, so that the instance can use it for storing and retrieving files.


By the end of this exercise, you should be able to mount an Amazon Elastic File System (Amazon EFS) file system to an Amazon Elastic Compute Cloud (Amazon EC2) instance using the NEW EC2 Launch Instance Wizard.

Task 0: Accessing the AWS Management Console

  1. Sign in to your IAM user and open the AWS Management Console.
  2. Select your preferred region for doing this exercise. We recommend picking the region that's closest to you.

Task 1: Create a custom VPC

In this task, you will create a custom VPC that you will use for this exercise.

1. At the top of your console, search for and choose VPC in the search bar.

2. At the top of the left navigation pane, select Your VPCs.

3. Navigate to the top right corner, and select Create VPC.

4. On the Create VPC page, choose VPC and more.

5. Configure the following settings for launching a VPC:

  • Name tag auto-generation: In this setting, you can choose to select Auto-generate for easier and faster setup. Enter the name EC2-VPC
  • IPv4 CIDR block:
  • Number of Availability Zones (AZs): 1
  • Number of public subnets: 1
  • Number of private subnets: 0
  • Expand Customize subnets CIDR blocks
  • Enter
  • NAT gateways ($): None
  • VPC endpoints: None
  • Leave the other settings as defaults

It should look similar to this setup:

6. Choose Create VPC.

Notice the details steps that shows up on the screen. You would be doing all of that one one by one if virtual network services didn't exist! Instead, you've successfully set up a VPC with a one-pager setup. (Thanks, AWS!)

Bonus: If we were to draw a diagram of what we created, it would look like this:

Task 2: Create the security groups

In this task, you will create two security groups - one that is attached to the Amazon EC2 instance, and one that is attached to the Amazon EFS file system.

1. Ensure you are in the same region when you create the custom VPC.

2. In the left navigation pane, choose Security groups. There will be a default security group listed.

Now we'll create the following two additional security groups in the default VPC.

  • EC2-sg: linked to the EC2 instance, this security group lets in SSH connections to the instance and lets out all outbound connectivity.
  • EFS-sg: linked to the EFS file system, this security group exclusively lets in TCP connections on port 2409* from the EC2 instance. It also lets out all outbound connections.
*A TCP connection on port 2409 is the default port for the NFS protocol, which is essential for configuring the EFS file system. More on NFS in the next few steps!

3. Click Create security group:

  • Security group name: EC2-sg
  • Description: SSH connection
  • VPC: Your Custom VPC.
  • Inbound rules: Click Add rules.
  • In the first rule under Type, choose SSH. For the Source/Source type, choose Anywhere IPv4.
  • The outbound rules are already perfect - no edits needed!
  • Tags - optional:
  • Key: Name
  • Value: EC2-sg
  • Choose Create security group.

4. Let's create a second security group for EFS:

  • Security group name: EFS-sg
  • Description: Allow only EC2
  • VPC: Your Custom VPC.
  • Inbound rules: Click Add rules.
  • In the first rule under Type, choose NFS*. For the Source/Source type, choose Custom and choose the security group EC2-sg that you've created
*The NFS (Network File System) protocol is a special set of rules that lets computers share files with each other over a network, like the internet. EFS helps you use NFS, so you can store your files in a way that's easy to use with the internet and other computers.
  • Tags - optional:
    Key: Name
    Value: EFS-sg
  • Choose Create security group.

Notice! You should have two new security groups.

Security group 1
Security group 2

In the next task, you will create the EFS file system.

Task 3: Create the EFS file system

In this task, you will use Amazon Elastic File System (Amazon EFS) to create the file system.

1. Search for EFS at the top of the console.

2. Choose Create file system.

3. On the Create file system pop up, choose Customize.

4. On the File system settings, configure the following:

  • Name - optional: EFS-exercise
  • Storage class: Standard.
  • Automatic backups: Uncheck Enable automatic backups.
  • Lifecycle management - Transition into IA: None.
*Lifecycle management = automatically moving files to a more cost-effective storage class called Infrequent Access (IA) when they haven't been used for a while. This helps save on storage costs. We won't be using it in a short-term exercise, so let's click None today.
  • Encryption: Uncheck Enable encryption of data at rest.
Since this is a short exercise, you don't need to encrypt your file systems. However, if you're in production you should encrypt the file system's data at rest.
  • Throughput mode: Bursting.
Throughput mode = how fast your file system can read and write data. Bursting is often the better choice due to its simplicity and cost-effectiveness. Pick Provisioned/Enhanced if you need a fixed and consistent level of throughput whether you use it or not.
  • Tags:
    - Tag key: Name
    - Tag value: EFS-exercise

5. Choose Next.

6. On the Network access settings, configure the following:

  • VPC: Choose the custom VPC that you've created
  • Mount targets:
    Availability zone: us-west-2a (this might be different, depending on which Availability Zone you choose when you are setting up your VPC in Task 1)
    Security groups: Remove the default security groups and choose EFS-sg

11. Choose Next.

12. You don't need to set up a File system policy for now. Choose Next.

13. Choose Create.

Task 4: Launch the EC2 instance and mount the file system

In this task, you will launch an Amazon EC2 instance and then mount the file system to the EC2 instance.

Note: Make sure you're still in the same region earlier when you create the EFS file system.

1. Hop into the EC2 console.

2. From the EC2 dashboard, select Instances. Select Launch instances.

3. Configure the following settings:

  • Name: MyEC2-NFS Instance
  • AMI: Choose Amazon Linux 2023 AMI
  • Instance type: t2.micro
  • Key pair: Select Create new key pair
  • Key pair name: PubKeyPair
  • Key pair type: RSA
  • Private key file format: For the private key file format you have two options, either .pem or .ppk. Choose any file format depending on what Operating System you using.
  • .pem - use this if you're a macOS/Linux user
  • .ppk - use this if you're a Microsoft Windows user.
  • Choose Create key pair.
  • Scroll to the Network settings panel below. Choose Edit and configure the following settings:
  • VPC - required: Choose the custom VPC that you've created from the previous task
  • Subnet: Ensure you selected the Public subnet (this is where you will launch your EC2 instance)
  • Auto-assign public IP: Choose Enable
  • Firewall (security groups): Select existing security group. From the Common security groups drop-down, and select EC2-sg. This is the security group you've created in the previous task.

4. On the Configure storage, click Advanced

5. On the File systems, click Show details.

6. Ensure the EFS is selected. Choose Add shared file system. It will automatically detect the EFS file system that you've created in the previous task

  • Uncheck the box for Automatically create and attach security groups since you already created the security group for EFS filesystem in the previous task.
  • Check the box for Automatically mount shared file system by attaching required user data script.
  • Expand the Advanced details. Scroll down at the bottom, and observe the User data script. It automatically writes a script for you because you selected Automatically mount shared file system by attaching required user data script.
Note: This script essentially automates the setup and mounting of an EFS or NFS file system on an EC2 instance, and other manual tasks such as such as installing the file system client, installing the EFS mount helper (for Amazon Linux only), and updating the EC2 instance properties so that the file system mounts automatically upon instance reboot.

7. Choose Launch instance. Wait for a couple of minutes to become Running state and Checks passed 2/2 status checks.

Task 5: Verify EFS file system is mounted

In this task, you will connect to your Amazon EC2 instance and verify that the Amazon EFS file system is mounted.

1. In the EC2 left hand navigation pane, choose Instances, then select the EC2 instance you created in the previous task and choose Connect.

2. In the Connect to instance page, choose Connect using EC2 Instance Connect and then choose Connect.

EC2 Instance Connect makes it easy to securely access your Linux-based EC2 instances. It does this without the usual hassle of managing SSH key pairs. Instead, it relies on IAM roles to provide temporary access, simplifying the process and boosting security.

3. A new tab will appear which is the AWS CLI of your EC2 instance. To check if the EFS file system has been mounted, type the command: df -T -h

You'll learn a lot more about the CLI later in the course. For now, think of it as a fast way to navigate your AWS environment (using code, instead of clicks in the AWS Console).

You can see that the EFS File System is mounted at mnt/efs/fs1 which is the same default path as mentioned in Task 4 step 6b. This verifies that your file system is successfully mounted on the EC2 instance.

Task 6: Clean up

Let's clean up the resources you created in this exercise.

As always, it's best practice to delete instances and resources that you are no longer using so that you are not continually charged for them.  

Challenge: See if you can delete the following resources on your own:

  • EC2 instance
  • EFS file system
  • The custom VPC




Hmm... feeling stuck? Want to make sure you've done everything? No worries, here are the detailed steps:

Delete EC2 instance

  1. Open the Amazon EC2 console. In the navigation pane, choose Instances
  2. Select the instance you created for this tutorial, and choose Actions, Instance State, Terminate
  3. Choose Terminate when prompted for confirmation

Delete EFS file system

  1. Open the Amazon EFS console.
  2. Select the file system that you've created, and choose Delete. There's a prompt will appear just type the file system's ID and choose Continue

You have successfully deleted the EFS file system.

Delete VPC and its components

  1. Open the VPC console, select the custom VPC that you've created, and under Actions choose Delete VPC. On the prompt, just type delete and choose Delete.

The VPC and its components are being deleted.

You successfully deleted the VPC and other networking resources.

Congratulations! You have completed the hands-on exercise! You have successfully mounted an Amazon EFS file system to an Amazon EC2 instance!