# Task timed out after 3.00 seconds while mounting EFS file system. Ensure that the VPC is configured correctly and the EFS file system is accessible.

- **ID:** `cloud/aws-lambda-efs-mount-timeout`
- **Domain:** cloud
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 88%

## Root Cause

The Lambda function's VPC configuration (subnets, security groups) prevents it from reaching the EFS mount target, or the EFS file system's mount target is in a different Availability Zone than the Lambda function's subnet.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| AWS Lambda runtime Python 3.12 | active | — | — |
| AWS Lambda runtime Node.js 20 | active | — | — |
| EFS Mount Target API 2015-02-01 | active | — | — |

## Workarounds

1. **Ensure Lambda's VPC subnets are in the same availability zones as the EFS mount targets. Create mount targets in each AZ where Lambda subnets exist. If using a single mount target, ensure Lambda subnet is in that AZ.** (95% success)
2. **Check security group rules: EFS mount target security group must allow inbound NFS (port 2049) from the Lambda security group. Add rule: Type=NFS, Protocol=TCP, Port=2049, Source=<lambda-security-group-id>.** (90% success)
3. **Verify EFS file system policy allows access from the Lambda's VPC. If policy is set to 'deny access from VPCs not in the same account', add an explicit allow for the Lambda's VPC.** (85% success)
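
Workarounds 1 and 2 can be checked mechanically before redeploying. The following is an added example, not part of the original entry: it assumes its inputs are shaped like the boto3 responses named in the comments, the function names `audit` and `allows_nfs_from` are hypothetical, and every ID in the sample is constructed.

```python
# Added example: inputs mirror boto3 response shapes; every ID below is constructed.
def allows_nfs_from(sg, lambda_sg_ids):
    """True if the group has an inbound rule covering TCP 2049 sourced from a Lambda SG."""
    for perm in sg.get("IpPermissions", []):  # CIDR-sourced rules are not evaluated here
        proto = perm.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 2049 <= perm.get("ToPort", 65535))
        sources = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
        if port_ok and sources & set(lambda_sg_ids):
            return True
    return False

def audit(vpc_config, subnets, mount_targets, mt_sg_ids, security_groups):
    """Findings for workarounds 1 and 2; an empty list means both checks pass."""
    # vpc_config: lambda get_function_configuration["VpcConfig"]; subnets: ec2 describe_subnets
    # mount_targets: efs describe_mount_targets; security_groups: ec2 describe_security_groups
    # mt_sg_ids: {MountTargetId: [group ids]} from efs describe_mount_target_security_groups
    az_of = {s["SubnetId"]: s["AvailabilityZoneId"] for s in subnets}
    sg_by_id = {g["GroupId"]: g for g in security_groups}
    mt_by_az = {m["AvailabilityZoneId"]: m for m in mount_targets
                if m["LifeCycleState"] == "available"}  # other states cannot serve a mount
    findings = []
    for subnet_id in vpc_config["SubnetIds"]:
        mt = mt_by_az.get(az_of[subnet_id])
        if mt is None:
            findings.append(f"{subnet_id}: no available mount target in {az_of[subnet_id]}")
            continue
        groups = [sg_by_id[i] for i in mt_sg_ids[mt["MountTargetId"]]]
        if not any(allows_nfs_from(g, vpc_config["SecurityGroupIds"]) for g in groups):
            findings.append(f"{mt['MountTargetId']}: no inbound TCP 2049 from the Lambda security group")
    return findings

# Constructed sample: two Lambda subnets, one mount target, and a rule on the wrong port.
SAMPLE = dict(
    vpc_config={"SubnetIds": ["subnet-a", "subnet-b"], "SecurityGroupIds": ["sg-lambda"]},
    subnets=[{"SubnetId": "subnet-a", "AvailabilityZoneId": "use1-az1"},
             {"SubnetId": "subnet-b", "AvailabilityZoneId": "use1-az2"}],
    mount_targets=[{"MountTargetId": "fsmt-1", "AvailabilityZoneId": "use1-az1",
                    "LifeCycleState": "available"}],
    mt_sg_ids={"fsmt-1": ["sg-efs"]},
    security_groups=[{"GroupId": "sg-efs", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-lambda"}]}]}],
)

if __name__ == "__main__":
    print("\n".join(audit(**SAMPLE)))
```

The file system policy from workaround 3 is not covered by this check.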

## Dead Ends

- Increasing Lambda timeout to 15 minutes doesn't fix the network connectivity issue; the mount attempt will still fail. (100% fail)
- Adding more subnets to the Lambda VPC config without ensuring they are in the same AZ as the EFS mount target may still fail. (75% fail)
- Using a public subnet without a NAT gateway for Lambda doesn't help because EFS mount targets require VPC internal connectivity. (90% fail)
