AWS Storage Option: EFS

To understand Amazon EFS, it is best to examine the different components that allow EC2 instances access to EFS file systems. Create one or more EFS file systems within an AWS Region. Each file system is accessed by EC2 instances via mount targets, which are created per Availability Zone. Create one mount target per Availability Zone in the VPC. Traffic flow between Amazon EFS and EC2 instances is controlled using security groups associated with the EC2 instance and the EFS mount targets.  For example, Create a file system in a VPC and create mount targets in each availability zone (subnet of VPC) from which EC2 instance will connect to the file system.  Create EC2 instance within same VPC, subnets, and using same security group.  (Source: AWS Storage Service Whitepaper):
You can mount the Amazon EFS file system from these targets:
  • Amazon EC2 instances in the same VPC
  • EC2 instances in a VPC connected by VPC peering
  • On-premises servers by using AWS Direct Connect
  • On-premises servers over an AWS virtual private network (VPN) by using Amazon VPC

When you use a Shared VPC or VPC peering (even Inter-region) connection or transit gateway to connect VPCs, Amazon EC2 instances that are in one VPC can access EFS file systems in another VPC, even if the VPCs belong to different accounts. 


When using EFS, we specify Amazon EC2 security group for the EFS mount targets associated with the file system.  One can authorize inbound and outbound access to EFS file system.  To do so, we add rules that allow EC2 instance to connect to Amazon EFS file system through the mount target using the NFS port - Open port 22 on EC2 security group (inbound) and port 2049 (NFS) on EFS security group (inbound).  One can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system using Mount helper.


EFS file systems are distributed across an unconstrained number of storage servers, enabling file systems to grow elastically and allowing massively parallel access from Amazon EC2 instances to your data. Additionally, Amazon EFS data is distributed across multiple Availability Zones (AZs). 
Performance Modes: 
  • General Purpose (default): Ideal for latency sensitive use cases, web serving environments, content management systems, home directories, and general file serving.  Recommended for majority of use cases
  • Max I/O: File systems in the Max I/O mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for file operations. Highly parallelized applications and workloads, such as big data analysis, media processing, and genomics analysis, can benefit from this mode.
Throughput (Aggregate Read/Write) Modes: 
  • Bursting: Throughput scales as file system grows.  File based workloads drive high level of throughputs (burst) for short period of time and low level for rest of the time.  Depending on the size of the file system, Amazon will provide burst credit (time period) and throughput will burst for that period.
  • Provisioned: Provisioned Throughput mode is available at additional charges.