# 任务在 3.00 秒后超时，同时挂载 EFS 文件系统。请确保 VPC 配置正确，并且 EFS 挂载目标与 Lambda 函数位于同一子网中。

- **ID:** `cloud/aws-lambda-efs-mount-timeout-cross-account`
- **领域:** cloud
- **类别:** network_error
- **验证级别:** ai_generated
- **修复率:** 85%

## 根因

当 EFS 文件系统位于不同的 VPC 或账户中时，即使存在 VPC 对等连接，Lambda 也无法挂载 EFS，因为 Lambda 要求挂载目标与函数的执行角色位于同一 VPC 和子网中。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| AWS Lambda (Python 3.12 runtime) | active | — | — |
| Amazon EFS (NFSv4.1) | active | — | — |
| AWS RAM (Resource Access Manager) | active | — | — |

## 解决方案

1. ```
   Create an EFS mount target in the same VPC and subnets as the Lambda function, even if the EFS file system is in another account, by using cross-account mount target creation via AWS Resource Access Manager (RAM) sharing.
   ```
2. ```
   If cross-account is unavoidable, use an EFS replication or sync to a file system in the same account and VPC, or use an NFS proxy (e.g., an EC2 instance with a reverse proxy) in the Lambda VPC.
   ```

## 无效尝试

- **** — Security group rules are necessary but if the mount target is in a different VPC, Lambda's ENI cannot reach it even with open rules. (80% 失败率)
- **** — VPC peering connects networks but Lambda's hyperplane ENI does not support cross-VPC EFS mounting; the mount target must be in the same VPC. (95% 失败率)
- **** — Increasing Lambda timeout does not fix the fundamental connectivity issue; the mount attempt will still fail at the network layer. (90% 失败率)