How to connect EFS to Windows


AWS Amazon-EFS



This article was written more than 5 years ago and it was just an experiment …

Elastic File System (EFS) from Amazon was introduced at the end of 2016 (at re:Invent 2016) and adds great value to cloud compute services like EC2. If you are not aware of this service, in short: it is a file share that you can mount on your cloud servers (or even on on-prem servers connected to your VPC through the Direct Connect service). Simply put, you can run

mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 <ip-of-your-efs>:/ /tmp

This is copied from the AWS console's recommendation for mounting the file share on a Linux instance (of course, you need an NFS client with v4.1 support). You can do this on multiple EC2 instances as well (even more: you can add this to Advanced details -> User’s data when launching new instances, so that EFS is attached by default for all new instances). Something like this:

However, there is a limitation: MS Windows is not supported. So if you have either 2012 or 2016 or something else, you are not able to mount your EFS on it. Bad. Let’s think broadly and try to figure out the available options. What if we re-export the mounted NFS share as an SMB share and map it to the MS Windows machine of our choice?

NB! I run the commands below as root, so if you are not root, prepend sudo where applicable.

Setting up EFS

First of all, make sure you are in a region that supports AWS EFS. At the time of writing this post, that is 6 regions out of 14. Within each region you can either allow or deny access to your share for each availability zone. Each AZ points to your security group(s). For EFS availability we just need to open up port 2049 to the world (EC2 -> Security Group); it is pre-defined in the list of protocols (just pick it and define your IP, CIDR or another Security Group). EFS creation takes some time; when it is done, you should be able to see further instructions. For example, for Ubuntu just drop the following into your shell:

# NFS client with v4.1 support
apt-get install -y nfs-common
# Mount point for the EFS file system
mkdir /mnt/efs
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 your-efs-fqdn:/ /mnt/efs

Just change your-efs-fqdn to the value shown in the AWS -> EFS section. As I said earlier, you can drop this boilerplate into the User’s data section of your EC2 launch, so your instance can access this share once it is ready.

Re-exporting NFS share for using in Windows

Now that we have EFS mounted, we want to give our Windows users access to its files. Let’s do this using Samba. Again, drop the following into your shell to install SMB services on your Ubuntu:

apt-get install -y samba samba-common python-glade2 system-config-samba
# Keep a backup of the stock configuration, then start from an empty file
cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak
cat /dev/null > /etc/samba/smb.conf
vim /etc/samba/smb.conf

If you don’t have vim, use the text editor of your choice (for example nano /etc/samba/smb.conf) and paste the following boilerplate (feel free to customize it if you need to):

[global]
workgroup = WORKGROUP
server string = AWS-EFS-Windows
netbios name = ubuntu
dns proxy = no
socket options = TCP_NODELAY

[efs]
path = /mnt/efs
read only = no
browseable = yes
guest ok = yes

Save and start Samba with /etc/init.d/smbd restart. To make sure you have set up the configuration file correctly, testparm can help validate it.

testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[efs]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = UBUNTU
	server string = SMB-Server
	dns proxy = No
	idmap config * : backend = tdb


[efs]
	path = /mnt/efs
	read only = No
	guest ok = Yes
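testparm validates syntax, but it does not point out that the [efs] share above combines guest ok = yes with read only = no, so the configuration marks the EFS contents as writable without a login. The following check is an added example, not part of the original post: it lists every share in an smb.conf that allows guest access and whether guests may write. The function names audit_smb_guest and sample_conf, the efs-auth share and the efs-users group are constructed for illustration.

```shell
# Added example: print "<share> guest-rw" or "<share> guest-ro" for each share
# in an smb.conf (file argument or stdin) that allows guest access.
audit_smb_guest() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1" || v == "on") }
    /^[ \t]*([#;]|$)/ { next }                     # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                              # section header
        sec = $0
        sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
        sec = tolower(sec)
        if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    sec != "" && index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key); key = tolower(key)  # names ignore case and whitespace
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest[sec] = truthy(val)
        else if (key == "readonly") ro[sec] = truthy(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") ro[sec] = !truthy(val)
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s == "global") continue
            # [global] values act as share defaults; Samba defaults: guest ok = no, read only = yes
            g = (s in guest) ? guest[s] : (("global" in guest) ? guest["global"] : 0)
            r = (s in ro) ? ro[s] : (("global" in ro) ? ro["global"] : 1)
            if (g) print s, (r ? "guest-ro" : "guest-rw")
        }
    }' "$@"
}

# Constructed sample: the [efs] share from this post plus an authenticated share for contrast.
sample_conf() {
cat <<'EOF'
[global]
[efs]
path = /mnt/efs
read only = no
guest ok = yes
[efs-auth]
path = /mnt/efs
writeable = yes
valid users = @efs-users
EOF
}
sample_conf | audit_smb_guest   # prints: efs guest-rw
```

On the server itself, run it as audit_smb_guest /etc/samba/smb.conf; an empty result means no share is marked for guest access.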

Our SMB share is ready; let’s move to the Windows environment and map this share to a drive letter using “Add a network location”.

Mapping AWS EFS to Windows

This is done for EC2 instances (but I am sure you can map the SMB share from anywhere). Just make sure you have set up your security group accordingly (ports 445 and 139 should be open between source and target). Drop something into this share from your Windows environment and check from your Linux machine whether it is available. Then check from other instances to see if this approach works.

Conclusion

There will definitely be some performance issues with SMB, but this was just an experiment in re-exporting an NFS share for Windows boxes.

That’s it!
