任务在 3.00 秒后超时,同时挂载 EFS 文件系统。请确保 VPC 配置正确,并且 EFS 挂载目标与 Lambda 函数位于同一子网中。
Task timed out after 3.00 seconds while mounting EFS file system. Ensure that the VPC is configured correctly and the EFS mount target is in the same subnet as the Lambda function.
ID: cloud/aws-lambda-efs-mount-timeout-cross-account
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| AWS Lambda (Python 3.12 runtime) | active | — | — | — |
| Amazon EFS (NFSv4.1) | active | — | — | — |
| AWS RAM (Resource Access Manager) | active | — | — | — |
根因分析
当 EFS 文件系统位于不同的 VPC 或账户中时,即使存在 VPC 对等连接,Lambda 也无法挂载 EFS,因为 Lambda 要求挂载目标与函数的执行角色位于同一 VPC 和子网中。
English
Lambda cannot mount EFS when the EFS file system is in a different VPC or account, even if VPC peering exists, because Lambda requires the mount target to be in the same VPC and subnet as the function's execution role.
官方文档
https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html解决方案
-
Create an EFS mount target in the same VPC and subnets as the Lambda function, even if the EFS file system is in another account, by using cross-account mount target creation via AWS Resource Access Manager (RAM) sharing.
-
If cross-account is unavoidable, use an EFS replication or sync to a file system in the same account and VPC, or use an NFS proxy (e.g., an EC2 instance with a reverse proxy) in the Lambda VPC.
无效尝试
常见但无效的做法:
-
80% 失败
Security group rules are necessary but if the mount target is in a different VPC, Lambda's ENI cannot reach it even with open rules.
-
95% 失败
VPC peering connects networks but Lambda's hyperplane ENI does not support cross-VPC EFS mounting; the mount target must be in the same VPC.
-
90% 失败
Increasing Lambda timeout does not fix the fundamental connectivity issue; the mount attempt will still fail at the network layer.