1 00:00:02,000 --> 00:00:07,919 and welcome back to Backspace Academy in this lecture on an elastic file system 2 00:00:07,919 --> 00:00:14,240 we'll explore EFS as an option for Amazon ec2 or as a storage option for Amazon ec2 3 00:00:14,240 --> 00:00:20,340 will create an EFS share and EFS mount points in multiple availability zones 4 00:00:20,340 --> 00:00:27,090 and will then create an ec2 instance and mount the EFS share using the linux 5 00:00:27,090 --> 00:00:34,110 operating system of that ec2 instance through an EFS mount point so we're 6 00:00:34,110 --> 00:00:43,469 going to create and if it's share in the US east one region and we're going to 7 00:00:43,469 --> 00:00:48,600 use the default VPC simply because it's already got subnets created within all 8 00:00:48,600 --> 00:00:52,590 the availability zones it's going to make life a little bit easier for us so 9 00:00:52,590 --> 00:00:56,820 we can see there we've got our multiple availability zones for that US East a 10 00:00:56,820 --> 00:01:02,940 wine region and what we're going to do is we're going to create mount targets 11 00:01:02,940 --> 00:01:09,000 for each one of those subnets and you cannot create a mount target unless 12 00:01:09,000 --> 00:01:13,619 there is a subnet inside the availability zone and then we're going 13 00:01:13,619 --> 00:01:17,909 to use one of those availability zones one of those subjects within that 14 00:01:17,909 --> 00:01:24,840 availability zone to launch an ec2 instance into and we're going to connect 15 00:01:24,840 --> 00:01:30,780 into that instance and mount to that EFS mount target to that ec2 instance using 16 00:01:30,780 --> 00:01:33,650 the Linux operating system 17 00:01:33,680 --> 00:01:40,350 okay so I'm just here in the EFS console if you haven't created an elastic 18 00:01:40,350 --> 00:01:44,310 filesystem before you'll be presented with this Welcome screen so we're just 19 00:01:44,310 --> 00:01:50,250 going to click on create filesystem and we select the VPC that we're going to 20 00:01:50,250 --> 00:01:55,860 be putting out mount points into so I've only got the default VPC on on this 21 00:01:55,860 --> 00:02:01,100 account so we'll leave it at that now what it will do is it will create 22 00:02:01,100 --> 00:02:11,220 mount targets for us now mount targets need to be located in a VPC subnet if 23 00:02:11,220 --> 00:02:13,990 you don't have any subnets in the availabilities 24 00:02:13,990 --> 00:02:18,400 oan then you won't be able to create a mount target for that availability zone 25 00:02:18,400 --> 00:02:22,960 so here because I'm using the default VPC which has subnets in each 26 00:02:22,960 --> 00:02:28,240 availability zone we have an option there too that we can select to create a 27 00:02:28,240 --> 00:02:32,800 mount point in that availability zone but if we didn't have for example it 28 00:02:32,800 --> 00:02:39,580 here if we didn't have a subnet in us east one D that option to create a mount 29 00:02:39,580 --> 00:02:45,910 point in u.s. East one D it would not be available for us then we have our 30 00:02:45,910 --> 00:02:51,400 security groups that will be associated with this mount target so I'm just going 31 00:02:51,400 --> 00:02:56,020 to leave it for now with the default security or the default VPC security 32 00:02:56,020 --> 00:03:00,190 groups that have been Auto populated there for me but we will change that 33 00:03:00,190 --> 00:03:05,740 later on to add our security group that is associated with our ec2 instance that 34 00:03:05,740 --> 00:03:14,050 we're going to create later so I'll just click on the next step and we just give 35 00:03:14,050 --> 00:03:24,940 this a name that will do and we're just going to use general purpose default 36 00:03:24,940 --> 00:03:30,670 setting for performance mode and next step so now we've just got to review it 37 00:03:30,670 --> 00:03:34,030 and create our file system so we can see there we've got our default VPC that 38 00:03:34,030 --> 00:03:40,900 it's going to be associated with and we have our mount points here for each one 39 00:03:40,900 --> 00:03:45,790 of the availability zones of that default VPC and the security group will 40 00:03:45,790 --> 00:03:50,530 be the default VPC security group that the that the mount points will be 41 00:03:50,530 --> 00:03:55,120 associated with and we've got our name tag there of course some creep shot 42 00:03:55,120 --> 00:03:58,590 create file system 43 00:04:03,810 --> 00:04:07,560 so after a certain amount of time we're going to get this up and what it will be 44 00:04:07,560 --> 00:04:12,840 doing is it will have its lifecycle state as being creating so we need to 45 00:04:12,840 --> 00:04:19,109 allow a few minutes for that to go to from creating to available and then we 46 00:04:19,109 --> 00:04:24,750 can go on and create a ec2 instance and start mounting this using that mount 47 00:04:24,750 --> 00:04:31,350 point so after a few minutes we'll see that the lifecycle state will change to 48 00:04:31,350 --> 00:04:35,910 available you just need to click on refresh up here and refresh it if it 49 00:04:35,910 --> 00:04:42,560 doesn't come up after a certain amount of time and so that is our elastic file 50 00:04:42,560 --> 00:04:49,020 system setup our EFS share has been set up so what we need to do now is 51 00:04:49,020 --> 00:04:54,720 to go into the ec2 service and create a ec2 instance and launch it in one of 52 00:04:54,720 --> 00:04:58,160 these availability zones 53 00:05:05,770 --> 00:05:10,979 so we're launchin instance we're just going to use the Amazon Linux AMI 54 00:05:10,979 --> 00:05:17,560 We will just use a t2 micro and we'll make sure that we have a public IP address 55 00:05:17,560 --> 00:05:24,610 and we don't need to add storage add tags it's going to add a name tag for 56 00:05:24,610 --> 00:05:35,819 this and we're going to call it the EFS test that'll do 57 00:05:38,940 --> 00:05:43,870 ok so now we need to create a security group so I'm just going to give this a 58 00:05:43,870 --> 00:05:49,830 name EFS test or EFS security group maybe 59 00:05:49,919 --> 00:06:03,069 that will do your security group so two things that we need for this security 60 00:06:03,069 --> 00:06:08,229 group is we need to have to be able to connect into it to have SSH into it and 61 00:06:08,229 --> 00:06:12,550 on port 22 which we've got there we also need to later on after we've created 62 00:06:12,550 --> 00:06:22,210 this to add a rule that will allow NFS inbound for our EFS share so we're not 63 00:06:22,210 --> 00:06:26,620 going to do that now we'll do that after I've created the ec2 instance so we just 64 00:06:26,620 --> 00:06:35,740 click on review and launch, and launch, we will use a key pair that we've used 65 00:06:35,740 --> 00:06:37,979 before 66 00:06:45,289 --> 00:06:50,910 so there's our instance all happening so what I'm going to do is go into this 67 00:06:50,910 --> 00:07:03,860 efs security group we created before and I'm going to copy its ID and 68 00:07:03,860 --> 00:07:15,030 I'm going to jump back into the EFS console and I'm going to modify our file 69 00:07:15,030 --> 00:07:19,770 system access so I'm going to modify all these mapping this mount target and we 70 00:07:19,770 --> 00:07:23,370 need to have access for that for our security group so you're only to click 71 00:07:23,370 --> 00:07:26,849 on here many file system access so I can go up to here and manage file system 72 00:07:26,849 --> 00:07:37,949 access and what I'm going to do is add two US East one a the security group for 73 00:07:37,949 --> 00:07:47,699 our ec2 instance which is here EFS - SG so it's always good practice to make 74 00:07:47,699 --> 00:07:51,539 sure that you put that security group in all of your availability zones which is 75 00:07:51,539 --> 00:07:55,310 what I'm just going to do now so just going to select that in there for each 76 00:07:55,310 --> 00:08:08,090 availability zone and save that 77 00:08:13,310 --> 00:08:17,390 and there we can see all of the availability zones are set up to use 78 00:08:17,390 --> 00:08:24,740 that EFS security group or are associated with EFS security group so 79 00:08:24,740 --> 00:08:32,120 the next thing we need to do is to allow inbound access to our ec2 instance from 80 00:08:32,120 --> 00:08:37,760 our EFS share otherwise we're not going to be able to mount that so we go into 81 00:08:37,760 --> 00:08:41,750 security group here upwards through select our ec2 instance we go to the 82 00:08:41,750 --> 00:08:46,970 security group for that and click on it and then we can add an inbound rule for 83 00:08:46,970 --> 00:08:56,690 that so just add another inbound rule, so add, which will be a NFS and that will be 84 00:08:56,690 --> 00:09:02,720 custom with our security group so it'll be SG and that security group that we 85 00:09:02,720 --> 00:09:08,810 used before and if we save that that will be all we need to do from a 86 00:09:08,810 --> 00:09:15,770 security perspective to allow us to mount the EFS share on our ec2 instance 87 00:09:15,770 --> 00:09:22,250 so we've associated the ec2 security group without rio fester and we've also 88 00:09:22,250 --> 00:09:29,060 done the same for the ec2 instance as well to associate the EFS share to that 89 00:09:29,060 --> 00:09:36,050 as well so what we need to do now is to connect into this ec2 instance and mount 90 00:09:36,050 --> 00:09:41,140 our EFS mount target 91 00:09:41,170 --> 00:09:46,550 so before we start connecting into our instance just want to jump back into the 92 00:09:46,550 --> 00:09:52,930 EFS console again and if we look at our file system here we can see that we have 93 00:09:52,930 --> 00:09:59,300 mount instructions for ec2 so just click on that and what that does is it saves 94 00:09:59,300 --> 00:10:02,780 us a fair bit of time here so we just don't need to worry about this setting 95 00:10:02,780 --> 00:10:07,580 up your ec2 instance we've already done that now there is an instruction here to 96 00:10:07,580 --> 00:10:13,910 do a sudo yum install of the NFS client so because we're using the amazon linux 97 00:10:13,910 --> 00:10:19,010 ami we don't need to worry about that it already comes pre-installed with the NFS 98 00:10:19,010 --> 00:10:24,890 client on it so ignore that so all this first setting up ec2 instance has 99 00:10:24,890 --> 00:10:29,370 already been done so the only thing we need to do now is 100 00:10:29,370 --> 00:10:34,860 to mount our file system so we need to make a directory for our for our mount 101 00:10:34,860 --> 00:10:42,000 point so we create or make a directory EFS for our mount point there and next 102 00:10:42,000 --> 00:10:50,520 we need to run a sudo mount command which is quite long there so it makes 103 00:10:50,520 --> 00:10:54,180 life a lot easier for us if we can just copy that so basically what it does it 104 00:10:54,180 --> 00:11:04,920 amounts that mount target and it uses the domain name for that DFS service or 105 00:11:04,920 --> 00:11:12,390 that EFS you share and that consists of the file system name and followed by EFS 106 00:11:12,390 --> 00:11:19,830 dot and then the region and then dot amazon AWS com but again makes life a 107 00:11:19,830 --> 00:11:24,900 lot easier for us now that the EFS system has created that for us or 108 00:11:24,900 --> 00:11:30,600 automatically so what I'm going to do is just copy that and I'll use that when we 109 00:11:30,600 --> 00:11:38,400 connect into our ec2 instance to run that mount command and ok so I've just 110 00:11:38,400 --> 00:11:43,470 connected into that ec2 instance the first thing we need to do is we need to 111 00:11:43,470 --> 00:11:51,510 make a directory for our EFS or we need to create a a mount point directory for 112 00:11:51,510 --> 00:12:01,500 our EFS mount point so we do sudo and MKDIR EFS let's find the next 113 00:12:01,500 --> 00:12:08,250 thing we need to do is we need to mount our EFS mount target to that EFS mount 114 00:12:08,250 --> 00:12:13,950 point directory so we copy that command it was in the EFS console and we just 115 00:12:13,950 --> 00:12:20,340 click enter and that will will start to happen for us ok so after certain amount 116 00:12:20,340 --> 00:12:25,140 of time there we can see that it has created that so now going to CD into 117 00:12:25,140 --> 00:12:31,170 that EFS here and just do a directory on it first 118 00:12:31,170 --> 00:12:37,320 and we see that it's empty and what we'll do is we'll create a file to go in 119 00:12:37,320 --> 00:12:40,670 there and see that's working so let's do touch 120 00:12:40,670 --> 00:12:48,620 and then we just do a test file in there dot txt so there we can see that we 121 00:12:48,620 --> 00:12:53,570 don't have permission so there is another layer of security for us with 122 00:12:53,570 --> 00:13:00,710 the UNIX operating system so we can only create a fault if we have root access 123 00:13:00,710 --> 00:13:07,940 there within our UNIX file system so again you use CHOWN or CHMOD to change 124 00:13:07,940 --> 00:13:11,600 the permissions of that filesystem as you would do with any other Linux file 125 00:13:11,600 --> 00:13:18,230 system this is not a course on Linux so if you need to find out about Linux do a 126 00:13:18,230 --> 00:13:21,440 course on Linux but this is not a course on Linux you don't really need to know 127 00:13:21,440 --> 00:13:26,870 Linux to pass the exams so what I'm going to do is sudo into this and then 128 00:13:26,870 --> 00:13:33,650 do at you what I'll do is save myself typing so just do the same command as we 129 00:13:33,650 --> 00:13:39,860 did before but we've sudo and so now to look at that we can see that that is 130 00:13:39,860 --> 00:13:49,490 there now so there we have we've created an EFS share we've created mount 131 00:13:49,490 --> 00:13:54,950 targets for that EFS share in availability zones we've then created an 132 00:13:54,950 --> 00:14:02,060 ec2 instance and we've associated the security groups between the ec2 instance 133 00:14:02,060 --> 00:14:07,520 and the EFS share so that they can communicate with each other and now we 134 00:14:07,520 --> 00:14:14,840 have we have actually successfully mounted that mount target to our Linux 135 00:14:14,840 --> 00:14:21,440 operating system so that's all we have to do for this lecture and I'll see you 136 00:14:21,440 --> 00:14:24,340 in the next one