.TH "EFS" "8"
.SH "NAME"
\fBmount\&.efs\fR \- Mount helper for using Amazon EFS file systems\&.
.SH "SYNOPSIS"
.sp
\fBmount\&.efs\fR \fIfs-id-or-dns-name\fR \fImount-point\fR [\fB\-o\fR \fIoptions\fR]
.SH "DESCRIPTION"
.sp
\fBmount\&.efs\fR is part of the \fBamazon\-efs\-utils\fR \
package, which simplifies using EFS file systems\&.
.sp
\fBmount\&.efs\fR is meant to be used through the \
\fBmount\fR(8) command for mounting EFS file systems\&.
.sp
\fIfs-id-or-dns-name\fR has to be of one of the following \
two forms:
.P
.IP \(bu
An EFS filesystem ID in the form of "fs\-abcd1234", generated \
when the file system is created\&.
.IP \(bu
A domain name that has a resolvable DNS-CNAME record, \
which in turn points to a fully-qualified EFS DNS name \
in the form of "fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com"\&.
.P
\fImount-point\fR is the local directory \
on which the file system will be mounted\&.
.sp
\fBmount\&.efs\fR automatically applies the following NFS options:
.sp
.if n \{\
.RS 4
.\}
.nf
nfsvers=4\&.1
rsize=1048576
wsize=1048576
hard
timeo=600
retrans=2
noresvport
.fi
.if n \{\
.RE
.\}
.sp
By default, when using the Amazon EFS mount helper with Transport \
Layer Security (TLS), the mount helper enforces the use of Online \
Certificate Status Protocol (OCSP) and certificate hostname checking\&. \
These options can be configured in the config file located at \
\fI/etc/amazon/efs/efs\-utils\&.conf\&\fR.
.sp
Additionally, the Amazon EFS mount helper has built\-in logging for \
troubleshooting purposes\&. These logs are located at \fI/var/log/amazon/efs\fR\&.
.sp
It is possible to configure your Amazon EC2 instance to automatically \
remount your Amazon EFS file system when it reboots. For more information, \
see the online documentation at: \
\fIhttps://docs\&.aws\&.amazon\&.com/efs/latest/ug/mount\-fs\-auto\-mount\-onreboot\&.html\fR\&.
.SH "OPTIONS"
.sp
\fB\-o\fR, Options are specified with a \fB\-o\fR flag followed by a \
comma separated string of options\&. All of the options specified in \
\fBnfs(5)\fR are available, in addition to the following EFS-specific \
options:
.if n \{\
.RS 4
.\}
.TP
\fBtls\fR
Mounts the EFS file system over TLS\&.
.TP
\fBtlsport=\fR\fIn\fR
Configure the TLS relay to listen on the specified port\&.
.TP
\fBverify=\fR\fIn\fR
Verify TLS certificates using the specified stunnel verify level\&. For \
more information, see \fBstunnel(8)\fR\&.
.TP
\fBocsp / noocsp\fR
Selects whether to perform OCSP validation on TLS certificates\&, \
overriding /etc/amazon/efs/efs-utils.conf. \
For more information, see \fBstunnel(8)\fR\&.
.TP
\fBiam\fR
Use the system's IAM identity to authenticate with EFS. The mount helper will try \
to retrieve the required IAM credentials from the following locations: the EC2 instance \
profile, the AWS CLI credentials file (~/.aws/credentials), and the AWS CLI config \
file (~/.aws/config). The first location that has credentials will be used. \
This option requires the \fBtls\fR option\&.
.TP
\fBaccesspoint\fR
Mount the EFS file system using the specified access point. This option requires the \
\fBtls\fR option\&. The access point must be in the "available" state before it \
can be used to mount EFS\&.
.TP
\fBawsprofile\fR
Use the named profile used to lookup IAM credentials in the AWS CLI credentials file \
(~/.aws/credentials) or AWS CLI config file (~/.aws/config). If "awsprofile" is not \
specified, the "default" profile is used\&.
.TP
\fBawscredsuri\fR
Use the relative uri to lookup IAM credentials from ecs task metadata endpoint\&.
.TP
\fBcafile\fR
Use the cafile as the stunnel certificate authority file.\&.
.TP
\fBnetns\fR
Mount the EFS file system to the specified network namespace\&.
.TP
\fBaz\fR
Mount the EFS file system to the specified availability zone mount target\&.
.TP
\fBmountport\fR
Use the port 2049 to bypass portmapper daemon on EC2 Mac instances running macOS Big Sur\&.
.if n \{\
.RE
.\}
.SH "EXAMPLES"
.TP
sudo mount -t efs fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" without encryption of data in transit\&.
.TP
sudo mount -t efs -o netns=/proc/1/net/ns fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" without encryption of data in transit in given network namespace \
'/proc/1/net/ns'
.TP
sudo mount -t efs -o az=us-east-1a fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" to the mount target in availability zone us-east-1a
.TP
sudo mount -t efs fs-abcd1234:/child /mnt/efs
Mount a non-root directory of an EFS file system with file system ID \
"fs-abcd1234" at mount point "/mnt/efs" without encryption of data in transit\&.
.TP
sudo mount -t efs -o tls fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit\&.
.TP
sudo mount -t efs -o tls,verify=0 fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit and a verify level of 0\&.
.TP
sudo mount -t efs -o tls,ocsp fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point \
"/mnt/efs" using encryption of data in transit and with OCSP validation enabled\&.
.TP
sudo mount -t efs custom-cname.example.com /mnt/efs
Mount an EFS file system using the custom DNS name \
"custom-cname\&.example\&.com" \(em which has to \
resolve to a fully-qualified EFS DNS name such as \
"fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com" \
\(em at mount point "/mnt/efs" without encryption \
of data in transit\&.
.TP
sudo mount -t efs -o tls custom-cname.example.com /mnt/efs
Mount an EFS file system using the custom DNS name \
"custom-cname\&.example\&.com" \(em which has to \
resolve to a fully-qualified EFS DNS name such as \
"fs\-abcd1234\&.efs\&.us-east-1\&.amazonaws\&.com" \
\(em at mount point "/mnt/efs" using encryption \
of data in transit\&.
.TP
sudo mount -t efs -o tls,iam fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point "/mnt/efs" \
with encryption of data in transit. The mount helper will authenticate with EFS using \
the system's IAM identity\&.
.TP
sudo mount -t efs -o tls,accesspoint=fsap-12345678 fs-abcd1234 /mnt/efs
Mount an EFS file system with file system ID "fs-abcd1234" at mount point "/mnt/efs" \
with encryption of data in transit. The file system is mounted using the access point \
"fsap-12345678"\&.
.SH "FILES"
.TP
\fI/sbin/mount.efs\fR
The executable for the Amazon EFS mount helper\&.
.TP
\fI/usr/bin/amazon-efs-mount-watchdog\fR
The executable for the supervisor process that monitors the network relay\&.
.TP
\fI/etc/amazon/efs/efs-utils.conf\fR
The configuration file for the Amazon EFS mount helper\&.
.TP
\fI/etc/amazon/efs/efs-utils.crt\fR
The default Certificate Authority file used by the Amazon EFS mount helper\&.
.TP
\fI/etc/init/amazon-efs-mount-watchdog.conf\fR
The configuration file for the supervisor process\&.
.TP
\fI/var/log/amazon/efs/\fR
The directory where logs for the Amazon EFS mount helper, the stunnel network \
relay, and the supervisor process are stored\&.
.TP
\fI/usr/share/man/man8/mount.efs.8\fR
The man page for the Amazon EFS mount helper\&.
.SH "NOTES"
.sp
For more information on using the \fBamazon\-efs\-utils\fR package, see \
\fIhttps://docs\&.aws\&.amazon\&.com/efs/latest/ug/using\-amazon\-efs\-utils\&.html\fR \
in the Amazon EFS User Guide\&.
.sp
The paths on EC2 MacOS instances are relocated under /usr/local/Cellar/amazon-efs-utils/<version>/libexec directory.
.SH "SEE ALSO"
.sp
\fBnfs(8)\fR, \fBstunnel(8)\fR, \fBfstab(5)\fR
.SH "COPYING"
.sp
Copyright 2017\-2018 Amazon\&.com, Inc\&. and its affiliates\&. All Rights Reserved\&.