AWS EFS from Windows Server 2012

Starting from the NFSv4.1 client made by folks at CITI @ University of Michigan, with a few relatively minor changes, you can get a working connection to an AWS EFS filesystem.

As @kafka points out: AWS EFS disallows / fails when any client specifies a share deny value other than OPEN4_SHARE_DENY_NONE. Luckily the CITI folks discovered this as a possible problem and added a definition that, when commented out, will only ever use OPEN4_SHARE_DENY_NONE for the share deny value.

Once this definition is commented out, then you need to recompile it for your system – relatively trivial if you use the versions of Visual Studio and WDK that the readme specifies. One gotcha was that the self-signed certificate process needs to not use the outdated Root Agency certificate (since it's only 512-bit). Use certreq instead.

I'm working on collecting this knowledge into a fork of the CITI code at Github. (I'm sure you either solved your problem or moved on, but good luck to those folks who landed here from Google!)

I used a workaround. In my case I just needed access to the EFS share on a Windows 2016 Server EC2 instance. Speed / throughput weren't exactly a concern.

I spun up a t2.nano Linux/Ubuntu instance, mounted the EFS share on that instance and then setup a SMB share on the linux instance to serve the mounted EFS file system over the network.

After that it was just a matter of mapping the network folder to a drive on the Windows 2016 server EC2 instance.

Setting up a SMB share on a Linux/Ubuntu instance is pretty straight forward as described in the Ubuntu docs here.

No it is not supported. AWS specifically state that it is not possible in their documentation.

For example,

Using Amazon EFS with Microsoft Windows Amazon EC2 instances is not supported.AWS EFS setup docs

A more technical explanation of why this is not possible here:

Deny share NFS supports the concept of a share deny, primarily used by Windows clients for users to deny others access to a particular file that has been opened. Amazon EFS does not support this, and returns the NFS error NFS4ERR_NOTSUPP for any OPEN commands specifying a share deny value other than OPEN4_SHARE_DENY_NONE. Linux NFS clients do not use anything other than OPEN4_SHARE_DENY_NONE. AWS document reference

I have not managed to find any third party clients which will workaround this.