Nathan Zook

Reputation: 31

AWS mount of EFS drive fails when drive policy requires encryption in transit

The error message "mount.nfs4: access denied by server while mounting " leads to this debug page: https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-mounting.html. While the advice given is technically correct (it IS a permissions issue), it does not go very far pointing to the fix.

Upvotes: 0

Views: 1232

Answers (1)

Nathan Zook

Reputation: 31

There are two layers to the issue:

  1. The policy requires that the drive be mounted with tls. Instructions for this are given here: https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-helper-ec2-linux.html, IF you use the mount helper, and specify -o tls.
  2. The /etc/fstab created by the instance creation wizard does not perform the proper mount. In fact, the "Using the NFS client" option on that same page is equivalent to the bad entry which is created.

Here is what a proper /etc/fstab entry looks like for encryption in transit:

    fs-0123456789abcdef0:/ /mnt/fs-1 efs tls,_netdev 0 0

Upvotes: 1
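Added example, not part of the original answer: a shell check that reads an fstab-format file and flags EFS entries that would mount without TLS, which is the condition that produces the "access denied by server" error when the file system policy requires encryption in transit. The function names, the sample region `us-east-1` and the sample NFS options are constructed for illustration.

```shell
#!/bin/sh
# Flag EFS entries in an fstab-format file that would mount without TLS.
# Prints "OK <mountpoint>" or "NO_TLS <mountpoint> <reason>" per EFS entry and
# returns 1 if any EFS entry lacks TLS, 0 otherwise.
audit_efs_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }   # skip comments and malformed lines
        {
            dev = $1; mnt = $2; fstype = $3; opts = $4
            # EFS appears either as type "efs" (mount helper) or as a plain
            # nfs/nfs4 mount of a *.efs.<region>.amazonaws.com name.
            is_helper  = (fstype == "efs")
            is_nfs_efs = (fstype ~ /^nfs4?$/ && dev ~ /\.efs\.[a-z0-9-]+\.amazonaws\.com/)
            if (!is_helper && !is_nfs_efs) next
            has_tls = 0
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "tls") has_tls = 1
            if (is_helper && has_tls) { print "OK", mnt; next }
            bad = 1
            if (is_nfs_efs) print "NO_TLS", mnt, "plain NFS client mount; use type efs with tls"
            else            print "NO_TLS", mnt, "type efs without the tls option"
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: an NFS-client style entry next to the TLS entry from the answer.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample fstab
UUID=1111-2222 / xfs defaults 0 0
fs-0123456789abcdef0.efs.us-east-1.amazonaws.com:/ /mnt/fs-0 nfs4 nfsvers=4.1,hard,timeo=600,retrans=2,noresvport,_netdev 0 0
fs-0123456789abcdef0:/ /mnt/fs-1 efs tls,_netdev 0 0
EOF
}

tmp=$(mktemp)
write_sample_fstab "$tmp"
audit_efs_fstab "$tmp" || echo "at least one EFS entry would mount without TLS"
rm -f "$tmp"
```

Pointing `audit_efs_fstab` at `/etc/fstab` on a freshly launched instance shows whether the entry written at instance creation is the plain NFS form.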
