One of the most common queries we get from our AWS customers is “Why is Amazon EFS read-only file system?” We can help you with fixing this issue!

Here at Bobcares, we often handle requests from our customers to fix similar AWS queries.

Today, let’s see the steps followed by our Support Techs to help our customers to fix this ‘unable to write Amazon EFS filesystem issue.

 

Amazon EFS read-only file system

 
There are two common issues that prevent us from writing the Amazon EFS filesysytem and they are:

• If we set to read-only access for the mount option in the /etc/fstab file.
• The root access disabled or AWS Identity and IAM policy indicates read-only access.

Mount option in the /etc/fstab file

1. For checking the current mount options for the file system, we need to run the following command:

$ mount -t nfs4

For example, the output is:

file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (ro,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.0.2.0,local_lock=none,addr=192.0.0.0)

Here, ro indicates that the filesystem allows read-only access.
2. Now, we can change the mount parameter to read/write access in the /etc/fstab file by editing the file.

file-system-id:/ efs-mount-point efs rw,_netdev 0 0

Here rw indicates that the filesystem allows read/write access.
3. Then to unmount and remount the file system, run the following command.

$ sudo mount -o remount,rw /efs -t efs && mount -t nfs4
file-system-id.efs.region.amazonaws.com:/ on /efs type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=190.0.2.0,local_lock=none,addr=190.0.2.0)

4. Finally, we need to confirm that we can write to the file system by creating or editing a file in the file system.
 

Verifying the permissions

 
To verify that the permissions set correctly, we need to follow steps below:

1. Firstly, log in to the AWS management console and then open the Amazon EFS console.

2. Then select the file system , and then select View details.

3. Select Edit from the File system policy tab.

4. Then we need to uncheck the following options, if it is selected:

Prevent root access by default
Enforce read-only access by default

5. Select the Set policy and then select Save policy.

6. Now for unmounting the file system, run the command :

$ sudo umount /efs

7. Then we need to run the mount command to mount the file system again to apply the changes.

$ sudo mount -t efs -o iam fs-file-system-id /efs

9. To preserve the new mount after reboot, we need to add the following line to the /etc/fstab.

For Mounting with IAM authorization to an instance that has an instance profile:

file-system-id:/ efs-mount-point efs _netdev,iam 0 0

Mount with IAM authorization to a Linux instance using a credentials file:

file-system-id:/ efs-mount-point efs _netdev,iam,awsprofile=namedprofile 0 0

Mount using an EFS access point:

file-system-id efs-mount-point efs _netdev,accesspoint=access-point-id 0 0

10. Finally, we need to confirm that we can write to the file system by creating or editing a file in the file system.

[Need help with more AWS queries? We’d be happy to assist]
 

Conclusion

 
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to fix “Why is Amazon EFS file system read-only ?” issue.