1
00:00:03,259 --> 00:00:10,230
And welcome back to BackSpace Academy. In this lecture on Elastic File Service

2
00:00:10,230 --> 00:00:16,859
I'll start by explaining what EFS is and the advantages and disadvantages of EFS, and

3
00:00:16,859 --> 00:00:23,310
then I'll talk about mount targets and how we use those to communicate from our

4
00:00:23,310 --> 00:00:29,810
subnets through to the Elastic File System, and also talk about how we can

5
00:00:29,810 --> 00:00:35,460
access our file system from the EC2 Linux operating system, and then I'll

6
00:00:35,460 --> 00:00:45,030
finally talk about the security features of EFS. So it's a simple, scalable file

7
00:00:45,030 --> 00:00:50,370
storage for use with Amazon EC2 instances. It's network attached storage

8
00:00:50,370 --> 00:00:57,809
as opposed to EBS, which is attaching a block device storage to an EC2 instance,

9
00:00:57,809 --> 00:01:04,939
and it can be accessed by multiple EC2 instances at the same time, as opposed to

10
00:01:04,939 --> 00:01:11,270
block device storage such as EBS and instance store. So where it fits in with the

11
00:01:11,270 --> 00:01:17,400
storage options that are available for EC2: there it is a file system that is

12
00:01:17,400 --> 00:01:24,119
accessed through the network, as opposed to object storage with S3 and Glacier

13
00:01:24,119 --> 00:01:31,380
and block device storage, we're attaching a block device to our EC2 instance, which

14
00:01:31,380 --> 00:01:38,220
is what we do with EBS and instance store. So the advantage of EFS is it's a

15
00:01:38,220 --> 00:01:44,310
fully managed service. The file system grows and shrinks automatically, and it

16
00:01:44,310 --> 00:01:50,340
can grow to petabytes in size, so very big, or it can go to as small as you want

17
00:01:50,340 --> 00:01:56,540
it. You only pay for the storage space that you use and there is no minimum fee.

18
00:01:56,540 --> 00:02:02,969
The throughput, it scales automatically depending on demand, so it scales to

19
00:02:02,969 --> 00:02:08,780
ensure you have consistent low latency, and it can support thousands of

20
00:02:08,780 --> 00:02:13,230
connections, and it also has multiple availability zone

21
00:02:13,230 --> 00:02:19,379
replication of your data, so there's some fantastic advantages of EFS. The

22
00:02:19,379 --> 00:02:24,239
disadvantages of EFS: it's not available in all regions, like with most new services

23
00:02:24,239 --> 00:02:29,129
with AWS, but that is expanding all the time and it won't be too long before EFS

24
00:02:29,129 --> 00:02:35,040
is available in all regions. It doesn't have cross-region capability, but of

25
00:02:35,040 --> 00:02:40,230
course neither does EBS. It's a little bit more complicated to provision

26
00:02:40,230 --> 00:02:50,940
compared to S3 and EBS. So for us to access the EFS share after it's been

27
00:02:50,940 --> 00:02:57,540
created, we need a mount target located in a subnet, in the subnet that our EC2

28
00:02:57,540 --> 00:03:06,750
instance has been launched in. So that mount target is a VPC NFS endpoint,

29
00:03:06,750 --> 00:03:10,739
in a similar way that we have endpoints for Amazon S3 that allow us to

30
00:03:10,739 --> 00:03:19,639
communicate from our VPC out to a service within AWS outside of our VPC.

31
00:03:19,639 --> 00:03:25,319
The mount target will have an IP address and a DNS name, and you can use

32
00:03:25,319 --> 00:03:30,419
that with the Linux mount command, but it's not recommended to do that. It's

33
00:03:30,419 --> 00:03:35,849
better to use the DNS name for the actual EFS share rather than the DNS

34
00:03:35,849 --> 00:03:43,680
name for the mount target, but you can use either. And it can be mounted to

35
00:03:43,680 --> 00:03:48,599
multiple EC2 instances at the same time, so you can see there on that diagram on

36
00:03:48,599 --> 00:03:55,319
the left we've got two EC2 instances within availability zone there, US West

37
00:03:55,319 --> 00:04:03,750
2a, that are both mounted to the same mount target, which is in now over the

38
00:04:03,750 --> 00:04:09,359
which is then connected through to the EFS share. And also the mount targets can

39
00:04:09,359 --> 00:04:13,199
be in a different subnet to the instance, but they cannot be in a different

40
00:04:13,199 --> 00:04:16,229
availability zone. So you see on the right-hand side there, that diagram, we've

41
00:04:16,229 --> 00:04:24,659
got an EC2 instance in a subnet which has a mount target from another

42
00:04:24,659 --> 00:04:27,660
subnet that is to it, so that's quite possible to do

43
00:04:27,660 --> 00:04:34,639
that, but you couldn't have an EC2 instance in one availability zone

44
00:04:34,639 --> 00:04:39,270
mounting a mount target from another availability zone; that's not possible to

45
00:04:39,270 --> 00:04:47,310
do. So the way that we can access our file system from EC2, now that first of

46
00:04:47,310 --> 00:04:53,550
all requires an NFS client to be installed on our EC2 instance. Now that

47
00:04:53,550 --> 00:04:58,919
is standard on the current Linux distributions, and if you're using the

48
00:04:58,919 --> 00:05:03,539
Amazon Linux AMI it will come pre-installed on that, so you don't

49
00:05:03,539 --> 00:05:08,639
need to worry about that. You mount the file system using the Linux mount command,

50
00:05:08,639 --> 00:05:14,280
similar to what you would do with EBS or instance store, but you use the domain

51
00:05:14,280 --> 00:05:20,729
name for the EFS share, and the file system DNS name or the mount point

52
00:05:20,729 --> 00:05:29,039
DNS name can be used to mount the EFS share on EC2, but it is

53
00:05:29,039 --> 00:05:32,610
recommended to use the file system DNS name and it's much easier to do

54
00:05:32,610 --> 00:05:38,610
that. There are a number of security features of EFS that you can use.

55
00:05:38,610 --> 00:05:43,500
Obviously we have IAM permissions to create, update and delete, which we can

56
00:05:43,500 --> 00:05:50,069
set up on a user or group basis. We also have EC2 security groups that can be

57
00:05:50,069 --> 00:05:57,659
set as inbound rules for EFS, and also vice versa we can have security group

58
00:05:57,659 --> 00:06:04,800
rules for EFS as inbound for EC2 as well. We can use network access control lists

59
00:06:04,800 --> 00:06:10,169
to further control traffic, and we also have Linux/UNIX file root-only

60
00:06:10,169 --> 00:06:15,090
permissions by default, and we change those file permissions using chown or

61
00:06:15,090 --> 00:06:23,520
chmod commands within Linux as we would do with any other Linux file server. So

62
00:06:23,520 --> 00:06:29,610
that's it for now. The best way to learn about EFS is to get your hands on and

63
00:06:29,610 --> 00:06:34,370
use it, which is what we'll do in the next lecture.