Agentless, cloud-native backup for Amazon Web Services (AWS)
Post Reply
DavidHunter
Lurker
Posts: 1
Liked: never
Joined: Sep 25, 2023 10:41 pm
Full Name: David Hunter
Contact:
Contact DavidHunter

Feature Request: Use the EFS mount helper for Indexing mounts with IAM policy applied

Post by DavidHunter »

We have cases where file system policy has been applied that only allows mounting on the following conditions:
  • the instances have the correct IAM role applied
  • mounting is via the access points
  • TLS is enforced
This is an example of the file system policy:

Code: Select all

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::012345678901:role/ec2-efs-instance-role"
            },
            "Action": [
                "elasticfilesystem:ClientWrite",
                "elasticfilesystem:ClientRootAccess",
                "elasticfilesystem:ClientMount"
            ],
            "Resource": "arn:aws:elasticfilesystem:<region>:012345678901:file-system/fs-0123456789abcdefg",
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true",
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}
To successfully mount, the EFS Helper is required to help pass IAM role information on during the mount process.

When using VBA to back up the EFS with Indexing turned on, it appears the instance that VBA launches to mount the share to perform indexing only uses the built in mount.nfs to mount the share, which won't work with the above file system policy applied:

Code: Select all

Processing efs-backup-policy failed: Failed to mount file system: Async command 44a321a1-8334-4a5b-8432-f0b73bc9852f failed with code 32: mount.nfs4: access denied by server while mounting 10.0.0.111:/
It was confirmed by Veeam Support that using the EFS Helper for mounting isn't available and suggested I put in a feature request via this forum.

https://docs.aws.amazon.com/efs/latest/ ... elper.html
https://docs.aws.amazon.com/efs/latest/ ... ption.html
https://docs.aws.amazon.com/efs/latest/ ... oints.html
Top
nielsengelen
Product Manager
Posts: 5800
Liked: 1217 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:
Contact nielsengelen

Re: Feature Request: Use the EFS mount helper for Indexing mounts with IAM policy applied

Post by nielsengelen »

Hi David,

We'll look into this for the future but I cannot promise when this will be available within the product.

Thanks for your request!
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
Top
Post Reply

Return to “Amazon Web Services”



Who is online

Users browsing this forum: No registered users and 2 guests