I have an EFS which can be mounted on my EC2 without issue with this command:
mount -t nfs4 -o nfsvers=4.1 myEfsId.efs.myRegion.amazonaws.com:/subfolder /mountDir
Now I would like to use an Access Point to restrict the access of my EC2 to only my /subfolder/. The Access Point is defined like this:
EFSAccessPoint:
  Type: AWS::EFS::AccessPoint
  Properties:
    FileSystemId: myEFSId
    RootDirectory:
      CreationInfo:
        OwnerGid: "xxx"
        OwnerUid: "xxx"
        Permissions: "0750"
      Path: "/subfolder"
And my EC2 has a role containing these permissions:
{
    "Action": [
        "elasticfilesystem:ClientMount",
        "elasticfilesystem:ClientWrite"
    ],
    "Resource": [
        "arn:aws:elasticfilesystem:myRegion:myAccountId:access-point/myAccessPointId"
    ],
    "Effect": "Allow"
}
But then, the following mount command leads to a timeout:
mount -t nfs4 -o nfsvers=4.1,accesspoint=myAccessPointId myEFSId /mountDir
What could be missing?
Any reason you aren't using the EFS mount helper? I think you have to use that to specify the access point attribute like you are trying to do. The documentation for mounting via an access point only shows that via the EFS mount helper.
Also, note that you need to specify the iam attribute to tell it to use an IAM role, which is another thing I think you must use the EFS mount helper for.
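
The mount helper form the answer points to, as an added example that is not part of the original question or answer: it composes the `mount -t efs` command and the matching /etc/fstab line with the `tls`, `iam` and `accesspoint` options from amazon-efs-utils. The IDs are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compose EFS mount helper commands for an access-point mount.
# IDs used at the bottom are constructed placeholders; function names are hypothetical.

# Accept only "fs-<hex>" and "fsap-<hex>" shaped IDs.
valid_ids() {
    case "$1" in fs-*) ;; *) return 1 ;; esac
    case "$2" in fsap-*) ;; *) return 1 ;; esac
    # grep -v selects any line that is not pure hex; a hit means a bad ID.
    printf '%s\n%s\n' "${1#fs-}" "${2#fsap-}" | grep -Eqv '^[0-9a-f]+$' && return 1
    return 0
}

# Helper options: the helper requires tls whenever iam or accesspoint is used.
efs_opts() {
    printf 'tls,iam,accesspoint=%s' "$1"
}

# Mount command. The remote path is "/" because the access point already
# roots the client at its configured directory (/subfolder in the question).
efs_mount_cmd() {
    valid_ids "$1" "$2" || { echo "invalid file system or access point ID" >&2; return 2; }
    printf 'mount -t efs -o %s %s:/ %s' "$(efs_opts "$2")" "$1" "$3"
}

# Equivalent /etc/fstab entry; _netdev delays the mount until networking is up.
efs_fstab_line() {
    valid_ids "$1" "$2" || { echo "invalid file system or access point ID" >&2; return 2; }
    printf '%s:/ %s efs _netdev,%s 0 0' "$1" "$3" "$(efs_opts "$2")"
}

# Preflight: mount.efs is installed by the amazon-efs-utils package.
have_helper() {
    [ -x /sbin/mount.efs ] || command -v mount.efs >/dev/null 2>&1
}

# Print (do not run) the commands for the constructed placeholder IDs.
have_helper || echo "mount.efs not found: install amazon-efs-utils first" >&2
efs_mount_cmd fs-0123456789abcdef0 fsap-0123456789abcdef0 /mountDir; echo
efs_fstab_line fs-0123456789abcdef0 fsap-0123456789abcdef0 /mountDir; echo
```

The script only prints the commands; run the printed mount line as root once the helper is installed.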