Amazon Web Services (AWS) - List Elastic File Systems (EFS) Mount Target Security Groups using the AWS CLI

by
Jeremy Canfield |
Updated: October 03 2023
| Amazon Web Services (AWS) articles
The aws efs describe-file-systems command can be used to list the Elastic File Systems (EFS) that have been created.
~]# aws efs describe-file-systems
{
"FileSystems": [
{
"OwnerId": "123456789012",
"CreationToken": "my-efs",
"FileSystemId": "fs-0d1500aa4f4b50839",
"FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs-0d1500aa4f4b50839",
"CreationTime": "2023-09-27T04:55:23+00:00",
"LifeCycleState": "available",
"Name": "my-efs",
"NumberOfMountTargets": 1,
"SizeInBytes": {
"Value": 24576,
"Timestamp": "2023-10-02T10:13:00+00:00",
"ValueInIA": 0,
"ValueInStandard": 24576
},
"PerformanceMode": "generalPurpose",
"Encrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309",
"ThroughputMode": "bursting",
"Tags": [
{
"Key": "Name",
"Value": "my-efs"
},
{
"Key": "Role",
"Value": "AWS EFS File Storage"
}
]
}
]
}
Then the aws efs describe-mount-targets can be used to list the Elastic File System (EFS) Mount Targets.
~]# aws efs describe-mount-targets --file-system-id fs-0d1500aa4f4b50839
{
"MountTargets": [
{
"OwnerId": "123456789012",
"MountTargetId": "fsmt-0481f8dfc2b5c6488",
"FileSystemId": "fs-0d1500aa4f4b50839",
"SubnetId": "subnet-0316e4d9fcd4efccc",
"LifeCycleState": "available",
"IpAddress": "172.31.81.6",
"NetworkInterfaceId": "eni-02b54b783c735dcba",
"AvailabilityZoneId": "use1-az2",
"AvailabilityZoneName": "us-east-1b",
"VpcId": "vpc-014d2fcfa335d3c01"
}
]
}
And then the aws efs describe-mount-target-security-groups command can be used to list the Security Groups associated with the Mount Target.
~]# aws efs describe-mount-target-security-groups --mount-target-id fsmt-0481f8dfc2b5c6488
{
"SecurityGroups": [
"sg-04c441ca1ce1b121b"
]
}
And then the aws ec2 describe-security-group-rules command can be used to list the inbound (ingress) and output (egress) rules for the Security Group.
~]# aws ec2 describe-security-group-rules --filter Name="group-id",Values="sg-04c441ca1ce1b121b"
{
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-0aa26ef2018a66ca3",
"GroupId": "sg-04c441ca1ce1b121b",
"GroupOwnerId": "123456789012",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 2049,
"ToPort": 2049,
"CidrIpv4": "0.0.0.0/0",
"Description": "Allow NFS",
"Tags": []
},
{
"SecurityGroupRuleId": "sgr-0b91959bb3ab49c3b",
"GroupId": "sg-04c441ca1ce1b121b",
"GroupOwnerId": "123456789012",
"IsEgress": true,
"IpProtocol": "-1",
"FromPort": -1,
"ToPort": -1,
"CidrIpv4": "0.0.0.0/0",
"Tags": []
}
]
}
Did you find this article helpful?
If so, consider buying me a coffee over at