cloud
network_error
ai_generated
true
Task timed out after 3.00 seconds while mounting EFS file system. Ensure that the VPC is configured correctly and the EFS file system is accessible from the Lambda function's VPC.
ID: cloud/aws-efs-mount-timeout-lambda
82%Fix Rate
88%Confidence
1Evidence
2023-10-05First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| AWS Lambda runtime Node.js 18 | active | — | — | — |
| AWS Lambda runtime Python 3.11 | active | — | — | — |
| EFS Mount Helper 1.0.0 | active | — | — | — |
Root Cause
AWS Lambda's EFS mount operation has a hard 3-second timeout; if the EFS file system is not reachable due to missing VPC endpoints, security group rules, or subnet routing, the mount fails.
generic中文
AWS Lambda 的 EFS 挂载操作有硬性的 3 秒超时;如果由于缺少 VPC 端点、安全组规则或子网路由而导致无法访问 EFS 文件系统,则挂载会失败。
Official Documentation
https://docs.aws.amazon.com/lambda/latest/dg/services-efs.htmlWorkarounds
-
90% success Verify VPC configuration: ensure Lambda is attached to a private subnet with a NAT gateway or VPC endpoints for EFS (`com.amazonaws.region.elasticfilesystem`), and that the security group allows inbound NFS (port 2049) from the Lambda security group
Verify VPC configuration: ensure Lambda is attached to a private subnet with a NAT gateway or VPC endpoints for EFS (`com.amazonaws.region.elasticfilesystem`), and that the security group allows inbound NFS (port 2049) from the Lambda security group
-
85% success Check EFS access point policy: ensure the IAM role for Lambda has `elasticfilesystem:ClientMount` permission on the access point ARN
Check EFS access point policy: ensure the IAM role for Lambda has `elasticfilesystem:ClientMount` permission on the access point ARN
中文步骤
Verify VPC configuration: ensure Lambda is attached to a private subnet with a NAT gateway or VPC endpoints for EFS (`com.amazonaws.region.elasticfilesystem`), and that the security group allows inbound NFS (port 2049) from the Lambda security group
Check EFS access point policy: ensure the IAM role for Lambda has `elasticfilesystem:ClientMount` permission on the access point ARN
Dead Ends
Common approaches that don't work:
-
99% fail
The 3-second timeout is hardcoded in the Lambda EFS mount helper and cannot be changed by increasing the function timeout
-
95% fail
The Lambda execution environment does not have permissions or tools to mount EFS manually; only the managed mount helper works