mount.efs.8 7.67 KB
Newer Older
1
2
3
4
5
.TH "EFS" "8"
.SH "NAME"
\fBmount\&.efs\fR \- Mount helper for using Amazon EFS file systems\&.
.SH "SYNOPSIS"
.sp
6
\fBmount\&.efs\fR \fIfs-id-or-dns-name\fR \fImount-point\fR [\fB\-o\fR \fIoptions\fR]
7
8
9
10
11
12
13
14
.SH "DESCRIPTION"
.sp
\fBmount\&.efs\fR is part of the \fBamazon\-efs\-utils\fR \
package, which simplifies using EFS file systems\&.
.sp
\fBmount\&.efs\fR is meant to be used through the \
\fBmount\fR(8) command for mounting EFS file systems\&.
.sp
15
16
\fIfs-id-or-dns-name\fR has to be of one of the following \
two forms:
17
18
19
20
21
22
23
24
25
26
.P
.IP \(bu
An EFS filesystem ID in the form of "fs\-abcd1234", generated \
when the file system is created\&.
.IP \(bu
A domain name that has a resolvable DNS-CNAME record, \
which in turn points to a fully-qualified EFS DNS name \
in the form of "fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com"\&.
.P
\fImount-point\fR is the local directory \
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
on which the file system will be mounted\&.
.sp
\fBmount\&.efs\fR automatically applies the following NFS options:
.sp
.if n \{\
.RS 4
.\}
.nf
nfsvers=4\&.1
rsize=1048576
wsize=1048576
hard
timeo=600
retrans=2
noresvport
.fi
.if n \{\
.RE
.\}
.sp
By default, when using the Amazon EFS mount helper with Transport \
Layer Security (TLS), the mount helper enforces the use of Online \
Certificate Status Protocol (OCSP) and certificate hostname checking\&. \
These options can be configured in the config file located at \
\fI/etc/amazon/efs/efs\-utils\&.conf\&\fR.
.sp
Additionally, the Amazon EFS mount helper has built\-in logging for \
troubleshooting purposes\&. These logs are located at \fI/var/log/amazon/efs\fR\&.
.sp
It is possible to configure your Amazon EC2 instance to automatically \
remount your Amazon EFS file system when it reboots. For more information, \
see the online documentation at: \
\fIhttps://docs\&.aws\&.amazon\&.com/efs/latest/ug/mount\-fs\-auto\-mount\-onreboot\&.html\fR\&.
.SH "OPTIONS"
.sp
\fB\-o\fR, Options are specified with a \fB\-o\fR flag followed by a \
comma separated string of options\&. All of the options specified in \
\fBnfs(5)\fR are available, in addition to the following EFS-specific \
options:
.if n \{\
.RS 4
.\}
.TP
\fBtls\fR
Mounts the EFS file system over TLS\&.
.TP
\fBtlsport=\fR\fIn\fR
Configure the TLS relay to listen on the specified port\&.
.TP
\fBverify=\fR\fIn\fR
Verify TLS certificates using the specified stunnel verify level\&. For \
more information, see \fBstunnel(8)\fR\&.
79
80
81
82
83
.TP
\fBocsp / noocsp\fR
Selects whether to perform OCSP validation on TLS certificates\&, \
overriding /etc/amazon/efs/efs-utils.conf. \
For more information, see \fBstunnel(8)\fR\&.
84
85
86
87
88
89
90
91
92
93
.TP
\fBiam\fR
Use the system's IAM identity to authenticate with EFS. The mount helper will try \
to retrieve the required IAM credentials from the following locations: the EC2 instance \
profile, the AWS CLI credentials file (~/.aws/credentials), and the AWS CLI config \
file (~/.aws/config). The first location that has credentials will be used. \
This option requires the \fBtls\fR option\&.
.TP
\fBaccesspoint\fR
Mount the EFS file system using the specified access point. This option requires the \
94
95
\fBtls\fR option\&. The access point must be in the "available" state before it \
can be used to mount EFS\&.
96
97
98
99
100
.TP
\fBawsprofile\fR
Use the named profile used to lookup IAM credentials in the AWS CLI credentials file \
(~/.aws/credentials) or AWS CLI config file (~/.aws/config). If "awsprofile" is not \
specified, the "default" profile is used\&.
101
.TP
102
103
104
105
106
107
108
109
110
111
112
113
114
\fBawscredsuri\fR
Use the relative uri to lookup IAM credentials from ecs task metadata endpoint\&.
.TP
\fBcafile\fR
Use the cafile as the stunnel certificate authority file.\&.
.TP
\fBnetns\fR
Mount the EFS file system to the specified network namespace\&.
.TP
\fBaz\fR
Mount the EFS file system to the specified availability zone mount target\&.
.TP
\fBmountport\fR
115
Use the port 2049 to bypass portmapper daemon on EC2 Mac instances running macOS Big Sur\&.
116
117
118
119
120
121
122
123
124
.if n \{\
.RE
.\}
.SH "EXAMPLES"
.TP
sudo mount -t efs fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" without encryption of data in transit\&.
.TP
125
126
127
128
129
sudo mount -t efs -o netns=/proc/1/net/ns fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" without encryption of data in transit in given network namespace \
'/proc/1/net/ns'
.TP
130
131
132
133
sudo mount -t efs -o az=us-east-1a fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" to the mount target in availability zone us-east-1a
.TP
134
135
136
137
138
139
140
141
142
143
144
sudo mount -t efs fs-abcd1234:/child /mnt/efs
Mount a non-root directory of an EFS file system with file system ID \
"fs-abcd1234" at mount point "/mnt/efs" without encryption of data in transit\&.
.TP
sudo mount -t efs -o tls fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit\&.
.TP
sudo mount -t efs -o tls,verify=0 fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit and a verify level of 0\&.
145
.TP
146
147
148
149
sudo mount -t efs -o tls,ocsp fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit and with OCSP validation enabled\&.
.TP
150
151
152
153
154
155
156
sudo mount -t efs custom-cname.example.com /mnt/efs
Mount an EFS file system using the custom DNS name \
"custom-cname\&.example\&.com" \(em which has to \
resolve to a fully-qualified EFS DNS name such as \
"fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com" \
\(em at mount point "/mnt/efs" without encryption \
of data in transit\&.
157
158
159
160
161
162
163
164
.TP
sudo mount -t efs -o tls custom-cname.example.com /mnt/efs
Mount an EFS file system using the custom DNS name \
"custom-cname\&.example\&.com" \(em which has to \
resolve to a fully-qualified EFS DNS name such as \
"fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com" \
\(em at mount point "/mnt/efs" using encryption \
of data in transit\&.
165
166
167
168
169
170
171
172
173
174
.TP
sudo mount -t efs -o tls,iam fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point "/mnt/efs" \
with encryption of data in transit. The mount helper will authenticate with EFS using \
the system's IAM identity\&.
.TP
sudo mount -t efs -o tls,accesspoint=fsap-12345678 fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point "/mnt/efs" \
with encryption of data in transit. The file system is mounted using the access point \
"fsap-12345678"\&.
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
.SH "FILES"
.TP
\fI/sbin/mount.efs\fR
The executable for the Amazon EFS mount helper\&.
.TP
\fI/usr/bin/amazon-efs-mount-watchdog\fR
The executable for the supervisor process that monitors the network relay\&.
.TP
\fI/etc/amazon/efs/efs-utils.conf\fR
The configuration file for the Amazon EFS mount helper\&.
.TP
\fI/etc/amazon/efs/efs-utils.crt\fR
The default Certificate Authority file used by the Amazon EFS mount helper\&.
.TP
\fI/etc/init/amazon-efs-mount-watchdog.conf\fR
The configuration file for the supervisor process\&.
.TP
\fI/var/log/amazon/efs/\fR
The directory where logs for the Amazon EFS mount helper, the stunnel network \
relay, and the supervisor process are stored\&.
.TP
\fI/usr/share/man/man8/mount.efs.8\fR
The man page for the Amazon EFS mount helper\&.
.SH "NOTES"
.sp
For more information on using the \fBamazon\-efs\-utils\fR package, see \
\fIhttps://docs\&.aws\&.amazon\&.com/efs/latest/ug/using\-amazon\-efs\-utils\&.html\fR \
in the Amazon EFS User Guide\&.
203
204
.sp
The paths on EC2 MacOS instances are relocated under /usr/local/Cellar/amazon-efs-utils/<version>/libexec directory.
205
206
207
208
209
210
.SH "SEE ALSO"
.sp
\fBnfs(8)\fR, \fBstunnel(8)\fR, \fBfstab(5)\fR
.SH "COPYING"
.sp
Copyright 2017\-2018 Amazon\&.com, Inc\&. and its affiliates\&. All Rights Reserved\&.