How to Use Amazon EFS: Mount to EC2 and Build Shared Storage
When you need multiple EC2 instances or Lambda functions to access the same files, Amazon EFS (Elastic File System) is the right tool. While EBS is block storage that attaches one-to-one to an instance, EFS can be NFS-mounted over the network, allowing multiple compute resources to share files. This article walks through how EFS works and the steps to mount and use it.
What is Amazon EFS?
Amazon EFS is a fully managed NFS file system service provided by AWS. When you create a file system, data is automatically replicated across multiple Availability Zones (AZs). Storage capacity scales automatically based on usage, so there's no need to estimate capacity or pre-provision storage.
It can be accessed from various AWS compute services including EC2, ECS, EKS, and Lambda, and you can work with files using the same commands as a standard Linux file system.
Storage Classes and Lifecycle Management
EFS has four storage classes. Choosing the right class based on access frequency helps optimize costs.
| Storage Class | Description |
|---|---|
| Standard | For frequently accessed data. Multi-AZ redundancy |
| Standard-IA | For infrequently accessed data. Lower cost than Standard, but reads incur an additional charge |
| One Zone | Stored in a single AZ. Lower cost than Standard |
| One Zone-IA | For infrequently accessed data in a single AZ. Lowest cost option |
With a lifecycle policy, files that haven't been accessed for a set period are automatically moved to an infrequent access class. This is useful when you have a mix of frequently and infrequently accessed files.
Performance Modes and Throughput Modes
EFS offers two performance modes and three throughput modes. Choose the right combination for your use case.
Performance Modes
The performance mode is selected when creating the file system and cannot be changed afterward, so choose based on your use case.
| Mode | Description |
|---|---|
| General Purpose | Suitable for most workloads. Recommended setting |
| Max I/O | For large-scale distributed processing with many clients accessing in parallel. Slightly higher latency |
Throughput Modes
For new file systems, Elastic throughput is a good choice as it balances cost and performance.
| Mode | Description |
|---|---|
| Elastic | Throughput automatically scales up and down as needed. Best for unpredictable workloads |
| Provisioned | Specify the required throughput in advance. Use when you need consistent write throughput |
| Bursting | Base throughput is determined by the storage size |
Differences Between EBS and EFS
Understanding the differences between EBS and EFS helps you decide which one to use. EFS is a good fit when multiple servers need to read and write the same files, or when you need to persist container data across restarts.
| Comparison | EBS | EFS |
|---|---|---|
| Access method | Directly attached to EC2 (block device) | Mounted via NFS v4 |
| Simultaneous connections | Typically one instance | Multiple instances simultaneously |
| Cross-AZ sharing | Not supported | Supported |
| Capacity management | Fixed size defined upfront | Scales automatically |
| Main use cases | Storage dedicated to a single EC2 instance | Shared files, content management, machine learning |
Security Group Configuration
To connect from EC2 to EFS, you need to configure security groups that allow NFS traffic (TCP port 2049) on both the EC2 instance and the EFS mount target.
| Resource | Direction | Protocol | Port | Source / Destination |
|---|---|---|---|---|
| EC2 security group | Outbound | TCP | 2049 | EFS mount target security group |
| EFS mount target security group | Inbound | TCP | 2049 | EC2 security group |
EC2 and EFS must also be in the same VPC. To access from a different VPC, you need to route through VPC Peering or Transit Gateway.
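The following is an added example, not code from the original article: a Python check that reads `aws ec2 describe-security-groups` output and reports mount target rules that admit NFS from anything other than the expected EC2 security group, or that are wider than TCP 2049. The sample JSON is constructed and the group IDs (`sg-efs-good`, `sg-efs-open`, `sg-ec2-clients`) are placeholders.

```python
import json

NFS_PORT = 2049

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not values from a real account.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-efs-good", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [],
   "UserIdGroupPairs": [{"GroupId": "sg-ec2-clients"}]}]},
 {"GroupId": "sg-efs-open", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]}
]}
""")


def covers_nfs(perm):
    """True if the rule admits TCP 2049; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def audit_group(group, allowed):
    """List rules that admit NFS from anything but the expected client groups."""
    gid, findings = group["GroupId"], []
    for perm in group.get("IpPermissions", []):
        if not covers_nfs(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [f"{gid}: NFS open to CIDR {c}" for c in cidrs]
        findings += [f"{gid}: NFS open to unexpected group {p['GroupId']}"
                     for p in perm.get("UserIdGroupPairs", [])
                     if p["GroupId"] not in allowed]
        if (perm.get("FromPort"), perm.get("ToPort")) != (NFS_PORT, NFS_PORT):
            findings.append(f"{gid}: rule is wider than TCP {NFS_PORT}")
    return findings


def audit(doc, allowed):
    """Audit every group in a describe-security-groups document."""
    return [f for g in doc["SecurityGroups"] for f in audit_group(g, allowed)]
```

To run it against real output, pass the parsed JSON from `aws ec2 describe-security-groups --group-ids <mount target SG>` and the set of EC2 security group IDs that are meant to mount the file system.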
Using EFS with the AWS CLI
Let's walk through creating an EFS file system and mounting it on EC2 using the AWS CLI.
Create an EFS File System
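Use the create-file-system command to create a file system. Set the performance mode to generalPurpose and the throughput mode to elastic. The --encrypted flag enables encryption at rest, which appears in the output as "Encrypted": true along with the KMS key in use.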
❯ aws efs create-file-system \
--performance-mode generalPurpose \
--throughput-mode elastic \
--encrypted \
--tags Key=Name,Value=my-efs
Output
{
"OwnerId": "123456789012",
"CreationToken": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"FileSystemId": "fs-0a1b2c3d4e5f67890",
"FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0a1b2c3d4e5f67890",
"CreationTime": "2026-05-06T10:00:00+00:00",
"LifeCycleState": "creating",
"Name": "my-efs",
"NumberOfMountTargets": 0,
"SizeInBytes": {
"Value": 0,
"ValueInIA": 0,
"ValueInStandard": 0,
"ValueInArchive": 0
},
"PerformanceMode": "generalPurpose",
"Encrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/b2c3d4e5-f6a7-8901-bcde-f12345678901",
"ThroughputMode": "elastic",
"Tags": [
{
"Key": "Name",
"Value": "my-efs"
}
],
"FileSystemProtection": {
"ReplicationOverwriteProtection": "ENABLED"
}
}
Next, create a mount target that serves as the NFS endpoint for EC2. For --security-groups, create an EFS security group in advance that allows inbound TCP 2049 from the EC2 security group, and specify its ID.
❯ aws efs create-mount-target \
--file-system-id fs-0a1b2c3d4e5f67890 \
--subnet-id subnet-0a1b2c3d4e5f67890 \
--security-groups sg-0a1b2c3d4e5f67890
{
"OwnerId": "123456789012",
"MountTargetId": "fsmt-0a1b2c3d4e5f67890",
"FileSystemId": "fs-0a1b2c3d4e5f67890",
"SubnetId": "subnet-0a1b2c3d4e5f67890",
"LifeCycleState": "creating",
"IpAddress": "10.0.1.123",
"NetworkInterfaceId": "eni-0a1b2c3d4e5f67890",
"AvailabilityZoneId": "use1-az1",
"AvailabilityZoneName": "us-east-1a",
"VpcId": "vpc-0a1b2c3d4e5f67890"
}
Wait until the mount target reaches the available state. You can check the status with the following command.
❯ aws efs describe-mount-targets --file-system-id fs-0a1b2c3d4e5f67890
{
"MountTargets": [
{
"OwnerId": "123456789012",
"MountTargetId": "fsmt-0a1b2c3d4e5f67890",
"FileSystemId": "fs-0a1b2c3d4e5f67890",
"SubnetId": "subnet-0a1b2c3d4e5f67890",
"LifeCycleState": "available",
"IpAddress": "10.0.1.123",
"NetworkInterfaceId": "eni-0a1b2c3d4e5f67890",
"AvailabilityZoneId": "use1-az1",
"AvailabilityZoneName": "us-east-1a",
"VpcId": "vpc-0a1b2c3d4e5f67890"
}
]
}
Mount EFS on EC2
SSH into your EC2 instance (Amazon Linux 2023) and install the EFS mount helper (amazon-efs-utils).
❯ sudo dnf install -y amazon-efs-utils
Create the mount point directory.
❯ sudo mkdir /mnt/efs
Mount the EFS file system with TLS encryption enabled.
❯ sudo mount -t efs -o tls fs-0a1b2c3d4e5f67890:/ /mnt/efs
Verify the mount. If you see a file system of type efs, the mount was successful.
❯ df -h /mnt/efs
Filesystem Size Used Avail Use% Mounted on
127.0.0.1:/ 8.0E 0 8.0E 0% /mnt/efs
Auto-Mount After Instance Restart
When you restart the instance, the mount is removed. Add an entry to /etc/fstab to automatically mount it after restarts.
❯ echo "fs-0a1b2c3d4e5f67890:/ /mnt/efs efs defaults,_netdev,tls 0 0" | sudo tee -a /etc/fstab
The _netdev option ensures the mount runs after the network is available. Add this option for any system that uses EFS at boot time.
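The following is an added example, not code from the original article: a Python check that reads fstab text and reports EFS entries lacking the tls or _netdev options used above. The sample fstab is constructed, and its nfs4 entry is a hypothetical case of mounting the same file system by DNS name without the mount helper.

```python
import re

# Constructed fstab text. The file system ID is the article's example value;
# the nfs4 entry is a hypothetical mount of the same EFS by DNS name.
SAMPLE_FSTAB = """\
# device  mount-point  type  options  dump  pass
UUID=1111-2222 / xfs defaults,noatime 1 1
fs-0a1b2c3d4e5f67890:/ /mnt/efs efs defaults,_netdev,tls 0 0
fs-0a1b2c3d4e5f67890:/ /mnt/scratch efs defaults 0 0
fs-0a1b2c3d4e5f67890.efs.us-east-1.amazonaws.com:/ /mnt/raw nfs4 nfsvers=4.1,_netdev 0 0
"""

# EFS DNS names have the form <file-system-id>.efs.<region>.amazonaws.com
EFS_DNS = re.compile(r"^fs-[0-9a-f]+\.efs\.[a-z0-9-]+\.amazonaws\.com:")


def audit_fstab(text):
    """Return (mount_point, problem) pairs for EFS entries in fstab text."""
    problems = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to check
        device, mount_point, fstype, options = fields[:4]
        opts = set(options.split(","))
        if fstype == "efs":
            if "tls" not in opts:
                problems.append((mount_point, "no tls: traffic is not encrypted in transit"))
            if "_netdev" not in opts:
                problems.append((mount_point, "no _netdev: mount may run before the network is up"))
        elif fstype in ("nfs", "nfs4") and EFS_DNS.match(device):
            problems.append((mount_point, "not mounted through the efs helper, so its tls option is not applied"))
    return problems
```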
Clean Up Resources
Delete the resources you created. You must delete the mount target before you can delete the EFS file system.
❯ aws efs delete-mount-target --mount-target-id fsmt-0a1b2c3d4e5f67890
Once the mount target is deleted, delete the file system.
❯ aws efs delete-file-system --file-system-id fs-0a1b2c3d4e5f67890
Summary
- Amazon EFS is a fully managed NFS file system that lets multiple EC2 instances and Lambda functions share the same files
- While EBS is block storage dedicated to a single instance, EFS supports simultaneous connections from multiple instances over the network
- To connect from EC2 to EFS, you need to configure security groups to allow NFS traffic (TCP port 2049)
- Install the EFS mount helper and run the mount command to work with EFS just like a regular Linux file system
- Add an entry to /etc/fstab to automatically mount after reboots