I have created an Amazon EFS filesystem in the Sydney Region and would like to mount it on an EC2 instance in the Singapore region.
Is this possible?
Answering as people may not look at the comment.
You can now connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region VPC peering connection, and from on-premises servers using an AWS VPN connection.
https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-efs-now-supports-aws-vpn-and-inter-region-vpc-peering/
This answer is outdated. Please see the other answer.
An Amazon EFS filesystem is only accessible in the VPC that was selected when it was created, or via Direct Connect when linked to that VPC.
Each Amazon VPC is only in one Region.
As per the Amazon EFS Limits documentation page:
An Amazon EFS file system can be mounted from on-premises datacenter servers using AWS Direct Connect. However, other VPC private connectivity mechanisms such as a VPN connection and VPC peering are not supported.
I'm trying to mount an AWS EFS file system to an EC2 instance that is in another account. I followed the steps below:
Account A:
VPC-A: 172.31.0.0/16
Created EFS in the VPC
Security group-A: Allows all inbound traffic from VPC-B (10.210.0.0/16) in Account B, and also allows all outbound traffic to the internet. This security group is attached to the EFS file system.
Accepted VPC peering connection request from VPC-B (10.210.0.0/16)
Route table-A: contains the route to VPC-B (10.210.0.0/16) via peering connection
Account B:
VPC-B: 10.210.0.0/16
Launched an EC2 instance (10.210.0.165) in a private subnet in VPC-B
Security group-B: Allows both inbound and outbound traffic from/to VPC-A (172.31.0.0/16)
Created a VPC Peering connection with VPC-A
Route table-B: contains the route to VPC-A (172.31.0.0/16) via peering connection
Note: I made sure that the region and availability zones of both the EFS in account A and the EC2 instance in account B are the same. I'm also connecting to the EFS endpoint in the correct AZ using the mount-by-IP option.
Still, I'm getting a "mount.nfs4: Connection timed out" error.
Please help!
Edit:
Just to test the setup and connectivity, I launched one EC2 instance in account A and ping worked from the EC2 instance in account B.
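A small checker, added here and not part of the question or of any AWS tool, that applies the conditions the setup above depends on (the mount target's security group admitting TCP 2049 from the client, and both route tables sending the peer CIDR through the peering connection) to constructed data in the shape of describe-security-groups and describe-route-tables output, using the CIDRs and client IP from the question; the mount-target IP and peering-connection id are placeholders. It also flags the "allow all inbound from VPC-B" rule as broader than the NFS port the mount needs.

```python
import ipaddress
NFS_PORT = 2049  # EFS mount targets serve NFSv4 on TCP 2049

def rule_allows(rule, client_ip, port=NFS_PORT):
    """True if one IpPermissions entry (describe-security-groups shape)
    admits TCP/<port> from client_ip. Protocol "-1" means all traffic."""
    proto = rule.get("IpProtocol")
    if proto not in ("-1", "tcp"):
        return False
    if proto == "tcp" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))

def route_target(routes, dest_ip):
    """Longest-prefix match over a route table; returns the route's target or None."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r["Target"])
    return best[1] if best else None

def diagnose(mt_sg_rules, routes_a, routes_b, client_ip, mt_ip, pcx):
    """Findings for an NFS mount from client_ip (VPC-B) to mount target mt_ip (VPC-A)."""
    findings = []
    if not any(rule_allows(r, client_ip) for r in mt_sg_rules):
        findings.append("mount-target SG does not allow TCP 2049 from the client")
    elif any(r.get("IpProtocol") == "-1" for r in mt_sg_rules):
        findings.append("warning: mount-target SG allows all protocols; restrict to TCP 2049")
    if route_target(routes_a, client_ip) != pcx:
        findings.append("VPC-A route table does not send the client CIDR via the peering connection")
    if route_target(routes_b, mt_ip) != pcx:
        findings.append("VPC-B route table does not send the mount target via the peering connection")
    return findings

# Constructed data mirroring the question; MT_IP and PCX are placeholders.
CLIENT_IP, MT_IP, PCX = "10.210.0.165", "172.31.10.20", "pcx-EXAMPLE"
SG_OPEN = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.210.0.0/16"}]}]
SG_TIGHT = [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
             "IpRanges": [{"CidrIp": "10.210.0.0/16"}]}]
ROUTES_A = [{"DestinationCidrBlock": "172.31.0.0/16", "Target": "local"},
            {"DestinationCidrBlock": "10.210.0.0/16", "Target": PCX}]
ROUTES_B = [{"DestinationCidrBlock": "10.210.0.0/16", "Target": "local"},
            {"DestinationCidrBlock": "172.31.0.0/16", "Target": PCX}]
if __name__ == "__main__":
    print(diagnose(SG_OPEN, ROUTES_A, ROUTES_B, CLIENT_IP, MT_IP, PCX))
    print(diagnose(SG_TIGHT, ROUTES_A, ROUTES_B[:1], CLIENT_IP, MT_IP, PCX))
```

With the question's configuration the only finding is the over-broad rule; removing VPC-B's peering route reproduces a reachability failure of the kind that surfaces as a mount timeout.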
I have an AWS EC2 instance (EC2-A) and Amazon Managed Blockchain running in a VPC (VPC-A).
This EC2-A instance has some files and certificates (required for executing transactions in the blockchain).
EC2-A has EBS storage which can be mounted on only one EC2 instance at one time.
Transactions can only be executed against the blockchain network from EC2-A, since they are in the same VPC-A.
I have an AWS EKS (Kubernetes) cluster running in VPC-B.
How can I access the files and certificates of EC2-A from a pod in my k8s cluster? I also have another pod which will be a blockchain client executing transactions in the blockchain network, which is in VPC-A.
Both these VPC-A and VPC-B are in the same aws account.
Mounting a folder/files on an EC2 instance into a pod running in EKS is not supported. For your use case, you can easily share folders/files using EFS, if not S3. If you are only allowed to do pod-to-EC2 communication, you need a way for these resources to reach each other, either by public IP if not VPC peering. Then you can run sftp, scp... any kind of off-the-shelf file sharing software you know best for file exchange.
You need to connect the 2 VPCs with VPC Peering; then you can install NFS on your EC2 instance and write a PV and PVC pointing to the NFS EC2 instance.
To design a system I need to decide on where to deploy the instances (suppose that I don't really care where they are but only want to optimize costs).
The on-demand page mentions several billing items:
Data Transfer IN To Amazon EC2 From Internet
Data Transfer OUT From Amazon EC2 To Internet
Data Transfer OUT From Amazon EC2 To (a list of regions)
Data Transfer Across AZ within this Region
My questions:
About item 1 - they say this is free. Is it? Does it make sense that from the Internet to Amazon is free while from Amazon to Amazon is not free? (I'm talking about the inbound data here, not the outbound.)
In items 2-3: does "Amazon" refer to all AWS services, including another EC2 instance?
Regarding item 4: it is written "Data transferred "in" to and "out" of Amazon EC2, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), and Amazon ElastiCache instances or Elastic Network Interfaces across VPC peering connections in the same AWS region is charged at $0.01/GB." Does that mean that if I run a process between 2 EC2 instances in the same region then I pay for each GB twice? First for outbound from one instance and second for the inbound on the other instance.
The simple rules-of-thumb are:
Inbound traffic from the Internet to the AWS Cloud is free.
Outbound traffic from the AWS Cloud to the Internet is charged at the applicable rates in each region (this is the majority of the cost). This applies to anything that sends traffic out to the Internet from your AWS services.
Outbound traffic from the AWS Cloud to Amazon CloudFront has a lower rate.
Traffic within a region but between Availability Zones is 1c/GB in each direction. In fact, the wording on the EC2 Instance Pricing page now shows this.
To answer your specific questions:
Inbound is free
Outbound is for any AWS service that sends traffic to the Internet
Traffic between AZs or via VPC Peering is charged in "each direction".
Is it possible to use an EFS in AWS for several instances located in different regions?
If not, is it possible to do something like that using the AWS console? Latency or throughput between the EC2 instance and the network volume doesn't matter.
EFS can be accessed through Direct Connect or VPN. Establish a VPN connection between regions and you can mount EFS with the IP address of the corresponding mount target.
This is a bit of a basic question; I don't have much experience with AWS (Azure is my usual bag!).
When connecting to an RDS instance from an EC2 instance using a connection string such as xxx.xxxxxx.eu-west-1.rds.amazonaws.com:1433, and both the RDS and EC2 are in the same VPC, will there be bandwidth charges for that connection? The EC2 can only access the RDS when the RDS IP address is added to the security group.
Also, is the traffic routed over the internet or is there some way to configure traffic over some sort of virtual LAN? If so could someone point me in the direction of how that works?
Does this configuration sound correct?
Thanks for your help.
Carl
When connecting to an RDS instance from an EC2 instance using a connection string such as xxx.xxxxxx.eu-west-1.rds.amazonaws.com:1433, and both the RDS and EC2 are in the same VPC, will there be bandwidth charges for that connection?
The bandwidth charges are the same as for data transfer between two EC2 instances in the same VPC. That is, there will be no charge for data transfer within the same availability zone, and data transferred between availability zones will be charged at $0.01 per GB.
The EC2 can only access the RDS when the RDS IP address is added to the security group.
You should enable inbound access from the EC2 security group associated with your EC2 instance, instead of the EC2 IP address.
Also, is the traffic routed over the internet or is there some way to configure traffic over some sort of virtual LAN? If so could someone point me in the direction of how that works?
The VPC (Virtual Private Cloud) is the virtual LAN you are looking for. All traffic between instances and services within your VPC stays within your VPC. Communication within your VPC does not go out to the internet.
Since you mentioned you are coming from an Azure background, you should try to map your knowledge of Azure services to the corresponding AWS services. I believe an "Azure Virtual Network" is basically the same thing as an AWS VPC.
You can give permission to your EC2 instance's IP address in your RDS security group.
Which database are you using?
If you are using MySQL, then ping it from the server terminal:
mysql -h<<hostname>> -u<<username>> -p<<password>>