AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Explanation:

EFS uses NFS protocol (port 2049). The mount target's security group must explicitly allow inbound traffic on NFS from the EC2 instances' security groups for successful mounting, even in a new AZ.

Explanation:

EFS uses NFS protocol (port 2049). The mount target's security group must explicitly allow inbound traffic on NFS from the EC2 instances' security groups for successful mounting, even in a new AZ.

Comments (0)

No comments yet.

A company runs an application on a large fleet of Amazon EC2 instances to process financial transactions. The EC2 instances share data by using an Amazon Elastic File System (Amazon EFS) file system. The company wants to deploy the application to a new Availability Zone and has created new subnets and a mount target in the new Availability Zone. When a SysOps administrator launches new EC2 instances in the new subnets, the EC2 instances are unable to mount the file system. What is a reason for this issue?

Exam-Like

RRitesh

Last updated: May 3, 2026 at 02:00

The EFS mount target has been created in a private subnet.

The IAM role that is associated with the EC2 instances does not allow the efs:MountFileSystem action.

The route tables have not been configured to route traffic to a VPC endpoint for Amazon EFS in the new Availability Zone.

The security group for the mount target does not allow inbound NFS connections from the security group used by the EC2 instances.