Wednesday, April 6, 2022

[SOLVED] AWS mount of EFS drive fails when drive policy requires encryption in transit

Issue

The error message "mount.nfs4: access denied by server while mounting " leads to this debug page: https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-mounting.html. While the advice given is technically correct (it IS a permissions issue), it does not go very far pointing to the fix.


Solution

There are two layers to the issue:

  1. The policy requires that the drive be mounted with tls. Instructions for this are given here: https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-helper-ec2-linux.html, IF you use the mount helper, and specify -o tls.
  2. The /etc/fstab created by the instance creation wizard does not perform the proper mount. In fact, the "Using the NFS client" option on that same page is equivalent to the bad entry which is created.

Here is what a proper /etc/fstab entry looks like for encryption in transit:

    fs-0123456789abcdef0:/ /mnt/fs-1 efs tls,_netdev 0 0



Answered By - Nathan Zook
Answer Checked By - Pedro (WPSolving Volunteer)
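
A quick way to check an existing fstab for the two cases the answer above describes, as an added example that is not part of the original answer. The function names, status labels and sample entries are constructed for illustration; the nfs4 sample line is an assumption about what a plain NFS client style entry looks like, since the page does not show the bad entry.

```shell
#!/bin/sh
# Added example: classify EFS entries in an fstab-format file by whether
# they will be mounted with encryption in transit.

# Constructed sample input. The nfs4 line is an assumption about what a
# plain "NFS client" style entry looks like; the page does not show it.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not from a real host
fs-0123456789abcdef0:/ /mnt/fs-1 efs tls,_netdev 0 0
fs-0123456789abcdef0:/ /mnt/fs-2 efs _netdev 0 0
fs-0123456789abcdef0.efs.us-east-1.amazonaws.com:/ /mnt/fs-3 nfs4 nfsvers=4.1,hard,_netdev 0 0
/dev/xvda1 / ext4 defaults 0 1
EOF
}

# audit_efs_fstab [FILE]   (reads stdin when FILE is omitted)
# Prints "<status> <mountpoint> <device>" for each EFS entry:
#   OK         type efs with the tls option (mount helper, TLS)
#   NO_TLS     type efs, but tls is missing from the options
#   PLAIN_NFS  type nfs/nfs4 against an EFS DNS name (mount helper bypassed)
# Returns 0 only if every EFS entry is OK. Entries that address a mount
# target by IP are not recognised as EFS by this check.
audit_efs_fstab() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^#/ || NF < 4 { next }      # comments, blank or short lines
        {
            opts = "," $4 ","             # pad so "tls" matches as a whole option
            if ($3 == "efs") {
                status = (opts ~ /,tls,/) ? "OK" : "NO_TLS"
            } else if (($3 == "nfs" || $3 == "nfs4") && $1 ~ /^fs-[0-9a-f]+\.efs\./) {
                status = "PLAIN_NFS"
            } else {
                next
            }
            print status, $2, $1
            if (status != "OK") bad = 1
        }
        END { exit bad }
    ' "${1:--}"
}

# Demo on the constructed sample
sample_fstab | audit_efs_fstab || echo "EFS entries without TLS found"
```

On a real host, run it as `audit_efs_fstab /etc/fstab`; any NO_TLS or PLAIN_NFS line is an entry that a file system policy requiring encryption in transit will refuse.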