What is EFS mount target and why do we create multiple mount targets

Question

Can anybody explain what AWS EFS mount targets mean? AWS document says it is for you to access EFS, which I do not understand.

Here is my understanding of EFS mount targets: when you create EFS, at backend, AWS needs to choose a place to launch a server, that is why it asks you for the VPC, su.net info., just like when you create an EC2, you need to tell which VPC, su.net you want to have this EC2 launched. But then why all of AWS document and tutorials teach you to create multiple mount targets, one for each su.net? Doesn't the security group of a mount target good enough to control the access to the EFS?

Can anybody explain what is EFS mount target used for and why we need multiple mount targets, one for each su.net? Thanks

Answer 1

EFS mount targets are not "servers", but elastic.network interfaces which expose EFS to your VPC. Your client access EFS by connecting to the mount targets (ie ENIs).

But then why all of AWS document and tutorials teach you to create multiple mount targets, one for each su.net?

Its not about "each su.net" per-se, but for each availability zone (AZs). So if your VPC spans 3 AZs, to ensure high availability of access to your filesystem, a good practice is to create a mount target for each AZ.

Doesn't the security group of a mount target good enough to control the access to the EFS?

Yes, SGs are usually enough. But you can also control access to your filesytem through IAM policies and permissions .

Answer 2

To put it in a simple way, Mount targets are like portals to access the (same) files and creating multiple mount targets is allowing more number of portals (which is not a good idea). To make sure our data is highly available (incase, when one of the AZs goes down) we are asked to create at least a standard class storage (which maintains at least 3 copies of our data).