# Task timed out after 3.00 seconds while mounting EFS file system. Ensure that the VPC is configured correctly and the EFS mount target is in the same subnet as the Lambda function. - **ID:** `cloud/aws-lambda-efs-mount-timeout-cross-account` - **Domain:** cloud - **Category:** network_error - **Verification:** ai_generated - **Fix Rate:** 85% ## Root Cause Lambda cannot mount EFS when the EFS file system is in a different VPC or account, even if VPC peering exists, because Lambda requires the mount target to be in the same VPC and subnet as the function's execution role. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | AWS Lambda (Python 3.12 runtime) | active | — | — | | Amazon EFS (NFSv4.1) | active | — | — | | AWS RAM (Resource Access Manager) | active | — | — | ## Workarounds 1. **Create an EFS mount target in the same VPC and subnets as the Lambda function, even if the EFS file system is in another account, by using cross-account mount target creation via AWS Resource Access Manager (RAM) sharing.** (90% success) ``` Create an EFS mount target in the same VPC and subnets as the Lambda function, even if the EFS file system is in another account, by using cross-account mount target creation via AWS Resource Access Manager (RAM) sharing. ``` 2. **If cross-account is unavoidable, use an EFS replication or sync to a file system in the same account and VPC, or use an NFS proxy (e.g., an EC2 instance with a reverse proxy) in the Lambda VPC.** (75% success) ``` If cross-account is unavoidable, use an EFS replication or sync to a file system in the same account and VPC, or use an NFS proxy (e.g., an EC2 instance with a reverse proxy) in the Lambda VPC. ``` ## Dead Ends - **** — Security group rules are necessary but if the mount target is in a different VPC, Lambda's ENI cannot reach it even with open rules. (80% fail) - **** — VPC peering connects networks but Lambda's hyperplane ENI does not support cross-VPC EFS mounting; the mount target must be in the same VPC. (95% fail) - **** — Increasing Lambda timeout does not fix the fundamental connectivity issue; the mount attempt will still fail at the network layer. (90% fail)