Why is my Amazon EFS file system read-only?

Last updated: 2020-06-29

My Amazon Elastic File System (Amazon EFS) file system is available and mounted correctly on my Amazon Elastic Compute Cloud (Amazon EC2) instance, but I can't write to it. How do I fix this?

Short description

The following are two common issues that prevent you from writing to your file system:

  • The mount option in the /etc/fstab file is set to read-only access.
  • The associated AWS Identity and Access Management (IAM) policy indicates read-only access, or root access disabled.

Resolution

Note: This resolution uses the Amazon EFS mount helper. The Amazon EFS mount helper is preinstalled on Amazon Linux. If you're using another distribution, see Installing the amazon-efs-utils package on other Linux distributions.

Verify that mount options are correct in the /etc/fstab file

1.    Run the following command to check the current mount options for the file system:

$ mount -t nfs4

In the following example output, the variable ro indicates that the file system currently allows read-only access.

file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (ro,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.0.2.0,local_lock=none,addr=192.0.0.0)

2.    Change the mount parameter to rw (read/write access) in the /etc/fstab file using an editing tool such as vi:

Note: Replace file-system-id with the ID of your file system.

file-system-id:/ efs-mount-point efs rw,_netdev 0 0

3.    Run the following command to unmount and remount the file system.

$ sudo mount -o remount,rw /efs -t efs && mount -t nfs4
file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=190.0.2.0,local_lock=none,addr=190.0.2.0)

4.    Create or edit a file in the file system to confirm that you can write to the file system.

Verify that permissions are set correctly

1.    Open the Amazon EFS console.

Note: Make sure you're in the same Region as your Amazon EFS file system.

2.    Select the file system you want to check, and then choose Actions, Manage client access.

3.    On the Policy settings tab, uncheck the following options, if selected:

Disable root access by default
Enforce read-only access by default

4.    Select Set policy.

5.    Select Save policy.

6.    Run the umount command to unmount the file system.

$ sudo umount /efs

7.    Run the mount command to mount the file system again to apply the changes.

Note: Replace file-system-id with the ID of your file system.

$ sudo mount -t efs -o iam fs-file-system-id /efs

8.    Add the following line to the /etc/fstab to make the new mount persistent after reboot using an editing tool such as vi:

Mount with IAM authorization to an instance that has an instance profile:

file-system-id:/ efs-mount-point efs _netdev,iam 0 0

Mount with IAM authorization to a Linux instance using a credentials file:

file-system-id:/ efs-mount-point efs _netdev,iam,awsprofile=namedprofile 0 0

Mount using an EFS access point:

file-system-id efs-mount-point efs _netdev,accesspoint=access-point-id 0 0

For more information, see Using /etc/fstab to mount automatically.

9.    Create or edit a file in the file system to confirm that you can write to the file system.