1 00:00:00,140 --> 00:00:01,310 All right, so in this lecture, 2 00:00:01,310 --> 00:00:04,100 we are going to learn how to use EFS. 3 00:00:04,100 --> 00:00:06,260 And, for this, we first have to go 4 00:00:06,260 --> 00:00:07,700 and create a Security Group, 5 00:00:07,700 --> 00:00:09,750 so we'll go to the Security Group side. 6 00:00:09,750 --> 00:00:13,950 We'll create one and I'll call it My EFS Demo 7 00:00:13,950 --> 00:00:18,360 and it's just a security group for EFS, 8 00:00:18,360 --> 00:00:20,060 just so we can understand exactly how 9 00:00:20,060 --> 00:00:21,750 security groups work for EFS. 10 00:00:21,750 --> 00:00:24,500 So for now, inbound, I will have no rules 11 00:00:24,500 --> 00:00:27,010 and outbound, I will have all the rules, as well. 12 00:00:27,010 --> 00:00:29,310 So, this is just a default security group, here we go. 13 00:00:29,310 --> 00:00:33,830 So now, My EFS Demo, right here, is being created. 14 00:00:33,830 --> 00:00:35,730 Next, I'm going to go to Services, 15 00:00:35,730 --> 00:00:39,040 type in EFS, and open up the EFS File System. 16 00:00:39,040 --> 00:00:41,070 As we can see, this is a file storage 17 00:00:41,070 --> 00:00:43,866 to use for our EC2 Instances, just like I told you, huh? 18 00:00:43,866 --> 00:00:44,880 (he laughs) 19 00:00:44,880 --> 00:00:46,760 Next, we create the file system. 20 00:00:46,760 --> 00:00:48,020 And, we have three steps, 21 00:00:48,020 --> 00:00:49,140 the first one is to configure it, 22 00:00:49,140 --> 00:00:50,590 the second one is optional settings 23 00:00:50,590 --> 00:00:52,700 and the third one is to review and create. 24 00:00:52,700 --> 00:00:55,650 So, we're going to create this in our default VPC. 25 00:00:55,650 --> 00:00:57,772 And, as I told you, EFS is accessible across 26 00:00:57,772 --> 00:01:02,772 3AZ, so we have eu-west-1a, 1b and 1c all ticked 27 00:01:03,160 --> 00:01:04,470 and they're all going to be created 28 00:01:04,470 --> 00:01:05,920 within their own subnets. 29 00:01:05,920 --> 00:01:09,190 They will get assigned an automatic IP address 30 00:01:09,190 --> 00:01:11,250 and then I have to assign a security group. 31 00:01:11,250 --> 00:01:14,010 Now, we're going to remove all the default security group 32 00:01:14,010 --> 00:01:18,290 and I'll just type in the EFS Demo security group. 33 00:01:18,290 --> 00:01:20,830 So I'll assign this EFS Demo security group 34 00:01:20,830 --> 00:01:23,730 to the three subnets and, here we go. 35 00:01:23,730 --> 00:01:24,563 We're done. 36 00:01:24,563 --> 00:01:27,294 So this is basically saying that our Elastic File System 37 00:01:27,294 --> 00:01:29,360 has a security group attached to it 38 00:01:29,360 --> 00:01:31,410 and this is how we could control 39 00:01:31,410 --> 00:01:34,630 which Instances can talk to it or not. 40 00:01:34,630 --> 00:01:36,110 Now let's go to Next Step. 41 00:01:36,110 --> 00:01:37,520 We could Add Tags if we wanted to, 42 00:01:37,520 --> 00:01:42,380 so I'll just call it EFS Demo as a name, that sounds good. 43 00:01:42,380 --> 00:01:44,690 Here we can choose the performance mode, so as I told you, 44 00:01:44,690 --> 00:01:47,170 there is General Purpose or Max I/O. 45 00:01:47,170 --> 00:01:48,730 But Max I/O is when you have thousands 46 00:01:48,730 --> 00:01:50,190 or hundreds of EC2 instances. 47 00:01:50,190 --> 00:01:52,200 So we'll just use GP for now. 48 00:01:52,200 --> 00:01:55,530 The Throughput mode we can choose Bursting or Provisioned. 49 00:01:55,530 --> 00:01:57,430 We'll just use Bursting, it's the simplest one, 50 00:01:57,430 --> 00:01:59,370 but Provisioned will be have to specify 51 00:01:59,370 --> 00:02:01,450 how many megabytes per second we want. 52 00:02:01,450 --> 00:02:05,070 And so for the exam, just know that Bursting is enough. 53 00:02:05,070 --> 00:02:07,510 And Enable Encryption if we wanted to enable 54 00:02:07,510 --> 00:02:09,630 the encryption at rest in which we would choose 55 00:02:09,630 --> 00:02:12,230 a KMS master key, for example, aws/elasticfilesystem 56 00:02:14,140 --> 00:02:15,690 to encrypt our data at rest. 57 00:02:15,690 --> 00:02:17,100 For now, I'll just disable it, 58 00:02:17,100 --> 00:02:18,960 it'll make everything more simple. 59 00:02:18,960 --> 00:02:21,720 Click on Next Step and we Review everything. 60 00:02:21,720 --> 00:02:25,010 It all looks good and click on Create File System. 61 00:02:25,010 --> 00:02:28,530 Now this can go and take a little bit of time to happen 62 00:02:28,530 --> 00:02:31,160 because this will actually provision a file system 63 00:02:31,160 --> 00:02:32,890 and assign an IP for you. 64 00:02:32,890 --> 00:02:34,710 So, now the system is created, 65 00:02:34,710 --> 00:02:36,330 but as you can see in the bottom, 66 00:02:36,330 --> 00:02:39,290 the Mount Target State is in creating stage. 67 00:02:39,290 --> 00:02:41,050 You can also see that, for now, 68 00:02:41,050 --> 00:02:43,120 we're going to get a File System ID 69 00:02:43,120 --> 00:02:45,730 that we'll use later on in this course. 70 00:02:45,730 --> 00:02:48,810 We get a Metered Size so we get actually the number of, 71 00:02:48,810 --> 00:02:51,910 the size of all the files we put on our file system 72 00:02:51,910 --> 00:02:55,250 and the number of Mount Targets, so how many AZs it's on. 73 00:02:55,250 --> 00:02:56,660 So this looks good. 74 00:02:56,660 --> 00:02:59,420 Now we get to have to wait, but in the meantime, 75 00:02:59,420 --> 00:03:03,330 I'm going to go ahead and create an EC2 Management Console. 76 00:03:03,330 --> 00:03:06,380 So, let's go to my EC2 Instances 77 00:03:06,380 --> 00:03:08,700 and I'm going to launch Instances. 78 00:03:08,700 --> 00:03:11,240 I'm going to launch in Amazon Linux 2 79 00:03:11,240 --> 00:03:13,870 and I'm going to say okay to t2.micro. 80 00:03:13,870 --> 00:03:16,170 Then I'm going to Configure Instance Details 81 00:03:16,170 --> 00:03:21,020 and I'll say this one, I want it to be in eu-west-1a. 82 00:03:21,020 --> 00:03:22,410 Sounds good to me. 83 00:03:22,410 --> 00:03:24,810 Then I'll click on Next Add Storage, 84 00:03:24,810 --> 00:03:28,220 Next Add Tags, Next Configure Security Group 85 00:03:28,220 --> 00:03:30,150 and I'll just create a new security group. 86 00:03:30,150 --> 00:03:32,430 I'll call it ec2-for-efs, 87 00:03:32,430 --> 00:03:35,220 just because I want to show you that we can have 88 00:03:35,220 --> 00:03:38,490 a security group dedicated to these EC2 Instances. 89 00:03:38,490 --> 00:03:42,850 I'll allow SSH on Port 22 so I can install stuff on it. 90 00:03:42,850 --> 00:03:44,420 Review and Launch, then Launch 91 00:03:44,420 --> 00:03:46,823 and say I'll use my key pair AWSCourse. 92 00:03:47,830 --> 00:03:50,010 Launch Instances and I will basically 93 00:03:50,010 --> 00:03:52,180 launch a very similar Instance. 94 00:03:52,180 --> 00:03:55,330 So I right click and Launch More Like This 95 00:03:55,330 --> 00:03:59,230 and I'm going to edit basically the AZ I'm in. 96 00:03:59,230 --> 00:04:02,140 So in Instance Details I'm going to edit 97 00:04:02,140 --> 00:04:04,450 the Instance Details and say okay, 98 00:04:04,450 --> 00:04:08,040 what I want to do is now to launch in eu-west-1b, 99 00:04:08,040 --> 00:04:09,890 in my subnet eu-west-1b. 100 00:04:09,890 --> 00:04:14,240 Sounds good, click on Next Add Storage, Next Add Tags. 101 00:04:14,240 --> 00:04:16,400 Security Group we're going to reuse 102 00:04:16,400 --> 00:04:18,430 that ec2-for-efs security group. 103 00:04:18,430 --> 00:04:22,000 So that's perfect, ec2-for-efs, yeah, perfect 104 00:04:22,000 --> 00:04:24,650 and click on Review and Launch and Launch. 105 00:04:24,650 --> 00:04:26,640 I have the key pair and okay. 106 00:04:26,640 --> 00:04:28,760 So now what we get out of this is 107 00:04:28,760 --> 00:04:31,820 that we have two instances, two t2.micro, 108 00:04:31,820 --> 00:04:33,247 running in eu-west-1a, 109 00:04:33,247 --> 00:04:36,030 eu-west-1b and they're all going to have 110 00:04:36,030 --> 00:04:38,350 this ec2-for-efs security group 111 00:04:38,350 --> 00:04:41,100 and we're going to configure EFS on both of them. 112 00:04:41,100 --> 00:04:43,220 So what I'm going to do is get the Public IP 113 00:04:43,220 --> 00:04:45,270 and SSH into these Instances. 114 00:04:45,270 --> 00:04:48,070 So here I can SSH in my first Instance. 115 00:04:48,070 --> 00:04:48,910 Okay, here we go. 116 00:04:48,910 --> 00:04:50,730 And my second Instance is right here. 117 00:04:50,730 --> 00:04:52,240 I'll also get the Public IP 118 00:04:53,210 --> 00:04:57,220 and I will run the SSH command on this one. 119 00:04:57,220 --> 00:04:59,290 All right, so I'm in my two Instances. 120 00:04:59,290 --> 00:05:01,230 They have different Public IP, different Private IP. 121 00:05:01,230 --> 00:05:03,250 They're in different Availability Zones 122 00:05:03,250 --> 00:05:06,200 and now I have to Configure EFS. 123 00:05:06,200 --> 00:05:08,700 So for this, we can go to Elastic File System 124 00:05:08,700 --> 00:05:11,600 and you can get basically Mount instructions 125 00:05:11,600 --> 00:05:12,870 from a local VPC. 126 00:05:12,870 --> 00:05:15,380 So you can click on it and here it shows you exactly 127 00:05:15,380 --> 00:05:17,610 how to setup your Instances. 128 00:05:17,610 --> 00:05:20,690 So the first thing I have to do is to run sudo yum install 129 00:05:20,690 --> 00:05:22,970 and then the amazon-efs-utls. 130 00:05:22,970 --> 00:05:25,060 It's basically to help us mount the EFS. 131 00:05:25,060 --> 00:05:29,480 So I'll just do this and install it on both machines. 132 00:05:29,480 --> 00:05:30,700 So it's going to install it. 133 00:05:30,700 --> 00:05:32,320 Perfect, it's done. 134 00:05:32,320 --> 00:05:34,780 And then, you have to Mount your File System. 135 00:05:34,780 --> 00:05:38,330 So we'll create an EFS Directory on our Instance. 136 00:05:38,330 --> 00:05:40,760 So we'll go in Create an EFS Directory. 137 00:05:40,760 --> 00:05:45,760 I'll create actually a slash, a root at EFS, so /efs. 138 00:05:47,970 --> 00:05:49,433 So here we go, sudo mkdir. 139 00:05:50,410 --> 00:05:53,660 I'll do it here too, sudo mkdir /efs. 140 00:05:53,660 --> 00:05:55,050 So now if we go here, we can see 141 00:05:55,050 --> 00:05:58,540 that we have an EFS Directory that has been created. 142 00:05:58,540 --> 00:05:59,640 And the next thing we have to do 143 00:05:59,640 --> 00:06:01,960 is to Mount using the Helper. 144 00:06:01,960 --> 00:06:06,120 So, as you can see, we can use TLS Mount option 145 00:06:06,120 --> 00:06:08,220 if you wanted to use encryption to talk to EFS, 146 00:06:08,220 --> 00:06:09,200 for now we're fine. 147 00:06:09,200 --> 00:06:13,840 And so we'll use this command right here, sudo mount -t efs 148 00:06:13,840 --> 00:06:16,670 and here is the File System ID. 149 00:06:16,670 --> 00:06:18,180 So we have to use that. 150 00:06:18,180 --> 00:06:19,830 So let's try it out. 151 00:06:19,830 --> 00:06:21,570 And we have to get the File System ID, 152 00:06:21,570 --> 00:06:23,980 so let's go back to EFS. 153 00:06:23,980 --> 00:06:27,460 Oh, this is the right File System ID because we are in EFS. 154 00:06:27,460 --> 00:06:29,390 As you can see it's gone from here. 155 00:06:29,390 --> 00:06:31,860 So let's go back to the mounting instructions 156 00:06:31,860 --> 00:06:33,840 and we're going to run this command 157 00:06:34,690 --> 00:06:35,690 and let's see what happens. 158 00:06:35,690 --> 00:06:37,270 So we are going to run it 159 00:06:37,270 --> 00:06:40,950 and make sure you add slash before the EFS. 160 00:06:40,950 --> 00:06:45,720 Press Enter and right now, not much is happening. 161 00:06:45,720 --> 00:06:48,340 So let's go back to our, here 162 00:06:48,340 --> 00:06:52,010 and as you can see though, my Mount Target is available. 163 00:06:52,010 --> 00:06:55,490 But so the problem is this looks like a timeout, 164 00:06:55,490 --> 00:06:56,600 and why is it timing out? 165 00:06:56,600 --> 00:07:00,180 Well if you do remember, we have security groups attached, 166 00:07:00,180 --> 00:07:02,330 My EFS Demo and right now, 167 00:07:02,330 --> 00:07:04,670 they don't allow it any inbound connection. 168 00:07:04,670 --> 00:07:06,890 So we need to allow the security group 169 00:07:06,890 --> 00:07:10,400 to get inbound connections from our EC2 Instance. 170 00:07:10,400 --> 00:07:13,720 So I'm going to go back to my Security Groups 171 00:07:13,720 --> 00:07:15,850 and I'm going to find my EFS Demo 172 00:07:15,850 --> 00:07:19,030 and Inbound Rules I'm going to add a Rule, 173 00:07:19,030 --> 00:07:21,290 and you can actually add any ports really, 174 00:07:21,290 --> 00:07:23,880 but I'll just add the NFS port. 175 00:07:23,880 --> 00:07:25,950 And I'll say the source is going to be 176 00:07:25,950 --> 00:07:29,220 the ec2-for-efs Security Group 177 00:07:29,220 --> 00:07:33,957 and I'll say allow traffic from my EC2 instances. 178 00:07:35,310 --> 00:07:37,330 Allow NFS traffic. 179 00:07:37,330 --> 00:07:38,700 So the idea is that now we're saying, 180 00:07:38,700 --> 00:07:41,460 okay these Instances who belong to that Group 181 00:07:41,460 --> 00:07:45,680 will be able to talk to my EFS Network File System 182 00:07:45,680 --> 00:07:46,903 on Port 2049. 183 00:07:48,110 --> 00:07:51,470 So let's click on Save and now this row has been added 184 00:07:51,470 --> 00:07:52,760 and that should help out. 185 00:07:52,760 --> 00:07:55,530 So now, let's wait and do a sudo mount 186 00:07:57,350 --> 00:07:58,720 and now it succeeded. 187 00:07:58,720 --> 00:08:01,560 So now the EFS File System is mounted 188 00:08:01,560 --> 00:08:04,210 so I can Copy this entire command 189 00:08:04,210 --> 00:08:06,120 and Paste it right here on the other one 190 00:08:06,120 --> 00:08:07,450 and now it worked as well. 191 00:08:07,450 --> 00:08:10,320 And so our EFS File System has been mounted. 192 00:08:10,320 --> 00:08:12,410 Now, how do we verify that it worked? 193 00:08:12,410 --> 00:08:15,720 Well, how about we go to the EFS Directory 194 00:08:15,720 --> 00:08:18,520 and here I'll use the sudo user just to make things simple. 195 00:08:18,520 --> 00:08:21,280 So I'll go to the EFS Directory and use the sudo user 196 00:08:22,270 --> 00:08:23,770 and here I'm just going to say 197 00:08:23,770 --> 00:08:28,020 echo "hello" > hello.txt file. 198 00:08:28,020 --> 00:08:30,957 So if I look at it, now I have a hello.txt file 199 00:08:30,957 --> 00:08:33,290 that contains the word hello. 200 00:08:33,290 --> 00:08:37,170 And this is in AZ eu-west-1a 201 00:08:37,170 --> 00:08:38,140 and now let's look at this. 202 00:08:38,140 --> 00:08:42,060 We'll do LS and we find the exact same hello.txt file, 203 00:08:42,060 --> 00:08:46,340 even though this E2 Instance is eu-west-1b. 204 00:08:46,340 --> 00:08:49,630 So I'll cat hello.text and we find the exact same content. 205 00:08:49,630 --> 00:08:52,570 So the cool thing is that now, both these Instances 206 00:08:52,570 --> 00:08:57,570 into two different AZ have access to the EFS Volume Drive 207 00:08:58,340 --> 00:09:00,460 and they can just have the same files 208 00:09:00,460 --> 00:09:04,600 mounted on the same endpoint. 209 00:09:04,600 --> 00:09:05,860 So that's really, really cool 210 00:09:05,860 --> 00:09:09,050 because we have effectively mounted an NFS drive. 211 00:09:09,050 --> 00:09:11,340 And so the really cool thing you need to see here 212 00:09:11,340 --> 00:09:14,350 is that we had to troubleshoot a timeout connection 213 00:09:14,350 --> 00:09:16,120 using Security Groups and that is something 214 00:09:16,120 --> 00:09:18,340 that can be asked of you at the exam. 215 00:09:18,340 --> 00:09:21,260 But overall, pretty easy to see how things work. 216 00:09:21,260 --> 00:09:22,410 I think it is quite natural 217 00:09:22,410 --> 00:09:25,470 and I like the way that you can get your Mount instructions 218 00:09:25,470 --> 00:09:27,400 very clear on this little popup. 219 00:09:27,400 --> 00:09:29,016 So, yes, that's it. 220 00:09:29,016 --> 00:09:31,160 You just need to know how to do these things, 221 00:09:31,160 --> 00:09:33,863 but it's pretty easy and now you're an EFS expert. 222 00:09:33,863 --> 00:09:34,696 (he laughs) 223 00:09:34,696 --> 00:09:37,213 That's it, all right I will see you in the next lecture.