How to Setup an Amazon AWS EC2 NFS Share

This article is short and to the point, so anyone who wants to mount a remote NFS share on their local machine should be able to get it up and running in 5 minutes or less. Here we go!

Step – 1 Setup AWS security groups

For your EC2 instance, set up the following security group exemptions. It is a good idea to create a separate security group called “NFS Services” or similar, to keep these exemptions separate from the rest of your security groups.

TCP

Port (Service)    Source
111               0.0.0.0/0
2049              0.0.0.0/0
32768             0.0.0.0/0
44182             0.0.0.0/0
54508             0.0.0.0/0

UDP

Port (Service)    Source
111               0.0.0.0/0
2049              0.0.0.0/0
32768             0.0.0.0/0
32770 – 32800     0.0.0.0/0

I have set the source to 0.0.0.0 for those ports, but I do restrict who can access those services via /etc/hosts.deny in the next step. Or, if you prefer, set the source to the IP address of the client machine (its external IP) when you add those port exemptions.

Step – 2 Install the NFS server

You need a running NFS service on your remote server so that the client can access the shared directories/paths. Install the NFS server by typing the following line in the terminal of your AWS instance.

sudo apt-get update && sudo apt-get install nfs-kernel-server

Step – 3 Decide what you want to share

Whatever you want to share goes in the /etc/exports file. Edit it using nano, vi, or whatever text editor you have in the terminal. I use nano here:

sudo nano /etc/exports

and add entries of the directories you want to share

/home/purinda *(rw,async,insecure,all_squash,no_subtree_check,anonuid=1001,anongid=1001)
/opt *(rw,no_subtree_check,sync,insecure)

If you read a good article on how these exports work, you will figure out that the asterisk is where the client is specified: either a CIDR address such as 241.111.42.23/32, or * to allow any client.

I have a different configuration for /home/purinda because I use a Mac OS X 10.8.2 (Mountain Lion) client, which uses an NFSv2 client to connect and requires some security tweaks like the ones shown above. Or read my other article on this subject.
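
As an added example (not part of the original article), here is a small Python check that parses exports-style lines and flags entries open to any client, the insecure option, and no_root_squash. The /srv/... paths and the issue labels are made up for illustration, and quoted paths containing spaces are assumed not to occur.

```python
import re

WORLD = {"*", "", "0.0.0.0/0", "::/0"}             # client specs that match every host
ENTRY = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")  # client(options), either part optional

def parse_exports(text):
    """Yield (path, client, options) for each client entry in exports-style text."""
    text = text.replace("\\\n", " ")                # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for tok in clients or [""]:                 # no client listed means any host
            m = ENTRY.match(tok)
            if m:
                yield path, m.group(1), set(filter(None, (m.group(2) or "").split(",")))

def audit_exports(text):
    """Return [(path, client, [issues])] for entries a reviewer should look at."""
    findings = []
    for path, client, opts in parse_exports(text):
        issues = []
        if client in WORLD:
            issues.append("any-client")
            if "rw" in opts:                        # exports are read-only unless rw is given
                issues.append("world-writable")
        if "insecure" in opts:                      # accepts requests from ports above 1023
            issues.append("insecure-ports")
        if "no_root_squash" in opts:                # remote root keeps uid 0 on the share
            issues.append("no-root-squash")
        if issues:
            findings.append((path, client or "<any>", issues))
    return findings

# Constructed sample: the two entries from Step 3 plus two hypothetical ones.
SAMPLE = """\
# sample /etc/exports
/home/purinda *(rw,async,insecure,all_squash,no_subtree_check,anonuid=1001,anongid=1001)
/opt *(rw,no_subtree_check,sync,insecure)
/srv/data 241.111.42.23/32(rw,sync,no_subtree_check)
/srv/oops 241.111.42.23/32 (rw)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(finding)
```

The last sample line shows a common slip: a space before the options makes "(rw)" a separate entry that applies to every host, while the named client gets only the defaults.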

Step – 4 Reload the NFS service 

Type

sudo service nfs-kernel-server reload

to reload the NFS service on your ec2 instance.

You may or may not also need to run

sudo exportfs -av

Step – 5 Connect!

On your local machine/desktop, open a terminal and create a directory to use as the mount point for the remote directory. For example, if you want the remote /home/purinda mounted at /Volumes/purinda on Mac OS X, then

mkdir /Volumes/purinda
mount -t nfs -o nfsvers=2 <elastic-ip-of-ec2>:/home/purinda /Volumes/purinda/

On a Linux desktop/client you may be able to just do

mount -t nfs <elastic-ip-of-ec2>:/home/purinda /Volumes/purinda/

Enjoy!

8 thoughts on “How to Setup an Amazon AWS EC2 NFS Share”

  1. Pingback: Create a NFS instance on AWS by the Sysco team | WebLogic Community
  2. Thank you for posting this! I think in step 4, maybe it should be “exportfs -av” as that is what I use locally in my server/workstation NFS farm. This is very helpful for getting started with AWS and NFS.

  3. Can we also set up NFS across AWS regions? Say my server is in region 1 and I want to mount the NFS share on an EC2 instance in region 2. I guess this should be possible as long as both machines have an EIP; however, what about EC2 instances not having an elastic IP?

    • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html

      As per the above document, Private and Public IPs could change if you Stop/Start an instance (not on reboot though).
      So there are two ways I can think of (without EIP) right now,

      1. Use a DDNS service which would auto-resolve the Public IP of the instance.
      2. Use the AWS CLI tools and use the command “ec2-describe-instances” to filter (you can add tags to your instances describing their role) your NFS instances and get their private IPs at boot time, update the exports and automount files.

      Let me know if you need any of the steps explained further

      Good luck

  4. This design is stellar! You most certainly know how to keep a reader entertained.

    Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!)
    Wonderful job. I really enjoyed what you had to say, and more than that, how you presented it.
    Too cool!

  5. Very helpful. Thanks

    It would be helpful if you made it clear that the Security Group needs to be associated with the NFS Server only. Not on the remote servers.

    Btw, is there a way to use password authentication or key authentication to control which server mounts the nfs mount?
