Bobcares

List EC2 instances connected to EFS – How to do it

Sep 6, 2021

Want to list EC2 instances connected to EFS? We can help you.

As a part of our AWS Support Services, we often receive similar requests from our AWS customers.

Today, let’s see the steps followed by our Support Techs to help our customers.

How to list EC2 instances connected to EFS?

Traffic on the elastic network interface of each Amazon EFS mount target is tracked using the VPC flow logs.

The flow logs can be pushed to Amazon CloudWatch Logs.

Using CloudWatch Logs Insights, the traffic recorded for the mount target’s elastic network interface can be filtered to produce the list of Amazon EC2 instances that had the Amazon EFS file system mounted during a specific time window.

Today, let us see the steps followed by our Support Techs to perform the task.

After completing the steps, each time you want to list the IP addresses of the clients mounting the Amazon EFS, run a query to create a current list.


Create a log group

1. Open the CloudWatch console, and then select Logs.
2. Select the Actions menu, and then select Create Log Group.
3. Enter a Log Group Name, and then select Create Log Group.

Create an Identity and Access Management (IAM) role with permission for publishing flow logs to CloudWatch Logs

1. Open the IAM console, and then create a new IAM role.
2. The IAM policy that’s attached to your IAM role must include the permissions to publish the VPC flow logs to CloudWatch and must have a trust relationship that allows the flow logs service to assume the role.

Get the list of elastic network interfaces used by the mount target of your Amazon EFS

1. Firstly, open the Amazon EFS console.
2. Then, select the specific Amazon EFS and note the Network Interface ID for each mount target.

Create the flow logs

1. Open the Amazon EC2 console, and then select Network Interfaces.
2. Then, select all the elastic network interfaces that you noted in step 3 that are being used by the mount target.
3. Select the Actions menu, and then select Create flow log.

Use the following values when creating the flow log:

Filter: Select All
Destination: Select Send to CloudWatch Logs
Destination log group: Choose the log group created in Step 1.
IAM role: Choose the IAM Role created in Step 2.

4. Then, select Create.
5. Monitor the flow log status by selecting the elastic network interface that you created a flow log for. At the bottom of the screen, select Flow Logs and verify that the Status is Active.
6. The first flow log should be pushed to CloudWatch Logs in about 10 minutes.

Verify that the flow logs are in CloudWatch Logs

1. Open the CloudWatch console, and then select Logs.
2. Next, select the Log Group created in step 1.
3. Finally, verify that all the log streams created in step 4 appear.

Each elastic network interface has a different log stream.

Run a query

To run a query in CloudWatch Logs Insights:

1. In the CloudWatch console, select Insights.
2. Then, select the log groups created in step 1 from the drop-down menu.
3. Next, select the duration that you want to review the flow logs for (Last 15 min, 30 min, 1 hr).
4. Enter the following query:

filter dstPort="2049" | stats count(*) as FlowLogEntries by srcAddr | sort FlowLogEntries desc

5. Select Run Query. The output contains the list of private IPs of all the Amazon EC2 instances where you mounted Amazon EFS.

To run a query from the AWS Command Line Interface (AWS CLI):

1. After the VPC flow log is set up, you can use an AWS CLI command to run the query.

2. Then, verify that the AWS CLI is updated to the latest version:

$ pip install --upgrade awscli

3. Verify that jq is installed:

yum install -y jq

4. Use the following AWS CLI query using these query parameters:

log-group-name: Enter the log group name you created in step 1.

start-time / end-time: These values are in Unix/Epoch time.

Use the converter found at epochconverter.com to convert human-readable timestamps to Unix/Epoch time.

test.json: You can optionally change the JSON file name each time you run this command.

Changing the name makes sure that the previous output isn’t merged with the new output.

sleep: This value (in seconds) is the delay before the results are fetched, giving the CloudWatch Logs Insights query time to finish executing.

The value depends on how long a period of flow logs you are reviewing. If you review logs for a longer duration, such as weeks, increase the sleep time.

aws logs start-query --log-group-name EFS-ENI-logs --start-time 1549002413 --end-time 1553063276 --query-string 'filter dstPort="2049" | stats count(*) as FlowLogEntries by srcAddr | sort FlowLogEntries desc' >> test.json && sleep 10 && jq -r .queryId test.json | xargs aws logs get-query-results --query-id
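The fixed sleep above is a guess that has to grow with the time window being queried. As an added example (not from the original post or from AWS), the following boto3 script runs the same Logs Insights query and polls get-query-results until the query reaches a terminal status, stopping it if it runs past a deadline. The FakeLogsClient and its two client rows are constructed sample data standing in for boto3.client("logs"), so the script runs offline; the log group name and epoch window are the ones used in the post.

```python
import time

# Same query as the post: NFS traffic to the mount target (port 2049), grouped by client IP.
EFS_CLIENT_QUERY = ("filter dstPort = 2049 "
                    "| stats count(*) as FlowLogEntries by srcAddr "
                    "| sort FlowLogEntries desc")

def parse_results(results):
    """Flatten Insights result rows ([{field, value}, ...]) into (srcAddr, count) tuples."""
    rows = []
    for row in results:
        fields = {cell["field"]: cell["value"] for cell in row}
        rows.append((fields["srcAddr"], int(fields["FlowLogEntries"])))
    return rows

def efs_clients(logs, log_group, start_time, end_time, poll_seconds=2, timeout=300):
    """Start the query (times in epoch seconds) and poll until it reaches a terminal status."""
    query_id = logs.start_query(logGroupName=log_group, startTime=start_time,
                                endTime=end_time, queryString=EFS_CLIENT_QUERY)["queryId"]
    deadline = time.monotonic() + timeout
    while True:
        resp = logs.get_query_results(queryId=query_id)
        status = resp["status"]
        if status == "Complete":
            return parse_results(resp["results"])
        if status in ("Failed", "Cancelled", "Timeout"):
            raise RuntimeError(f"query {query_id} ended with status {status}")
        if time.monotonic() > deadline:
            logs.stop_query(queryId=query_id)  # do not leave an abandoned query running
            raise TimeoutError(f"query {query_id} still {status} after {timeout}s")
        time.sleep(poll_seconds)

class FakeLogsClient:
    """Constructed stand-in for boto3.client("logs"): reports Running once, then Complete."""
    def __init__(self): self.calls = 0
    def start_query(self, **kwargs):
        return {"queryId": "constructed-query-id"}
    def get_query_results(self, queryId):
        self.calls += 1
        if self.calls < 2:
            return {"status": "Running", "results": []}
        return {"status": "Complete", "results": [  # constructed sample rows
            [{"field": "srcAddr", "value": "10.0.1.5"}, {"field": "FlowLogEntries", "value": "42"}],
            [{"field": "srcAddr", "value": "10.0.2.9"}, {"field": "FlowLogEntries", "value": "7"}]]}
    def stop_query(self, queryId): pass

if __name__ == "__main__":
    # Replace FakeLogsClient() with boto3.client("logs") to query the real EFS-ENI-logs group.
    for addr, hits in efs_clients(FakeLogsClient(), "EFS-ENI-logs", 1549002413, 1553063276, poll_seconds=0):
        print(addr, hits)
```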


Conclusion

To conclude, today we discussed the steps followed by our Support Engineers to list EC2 instances connected to EFS.
