Task timed out after 3.00 seconds while mounting EFS file system. Ensure that the VPC is configured correctly and the EFS file system is accessible.
ID: cloud/aws-lambda-efs-mount-timeout
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| AWS Lambda runtime Python 3.12 | active | — | — | — |
| AWS Lambda runtime Node.js 20 | active | — | — | — |
| EFS Mount Target API 2015-02-01 | active | — | — | — |
Root cause analysis
The Lambda function's VPC configuration (subnets, security groups) prevents it from reaching the EFS mount target, or the EFS file system is in a different Availability Zone than the Lambda function's subnet.
Official documentation
https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html
Solutions
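- Ensure that the Lambda function's VPC subnets are in the same Availability Zones as the EFS mount targets. Create a mount target in every Availability Zone that contains a Lambda subnet. If you use only one mount target, make sure the Lambda subnet is in that Availability Zone.
- Check the security group rules: the EFS mount target's security group must allow inbound NFS (port 2049) from the Lambda function's security group. Add a rule: Type=NFS, Protocol=TCP, Port=2049, Source=<lambda-security-group-id>.
- Verify that the EFS file system policy allows access from the Lambda VPC. If the policy is set to 'deny access from VPCs not in the same account', add a rule that explicitly allows the Lambda VPC.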
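The first two checks above can be run offline against data already exported from the account. The following is an added example, not part of the original page; it assumes inputs shaped like EC2 and EFS describe-call results, with each mount target's security groups merged into a hypothetical `SecurityGroups` key, and all IDs are constructed. It evaluates only ingress rules whose source is a security group, as in the rule described above.

```python
NFS_PORT = 2049

def allows_nfs_from(perms, source_sgs):
    """True if any ingress rule permits TCP 2049 from one of source_sgs."""
    for p in perms:
        proto = p.get("IpProtocol")
        if proto == "-1":            # "all traffic" rule: every protocol and port
            port_ok = True
        elif proto == "tcp":
            port_ok = p.get("FromPort", 0) <= NFS_PORT <= p.get("ToPort", 65535)
        else:
            continue                 # udp/icmp rules cannot carry the NFS mount
        peers = {g["GroupId"] for g in p.get("UserIdGroupPairs", [])}
        if port_ok and peers & set(source_sgs):
            return True
    return False

def diagnose(lambda_subnets, lambda_sgs, mount_targets, sg_ingress):
    """Return findings for AZ mismatches and missing NFS ingress rules."""
    findings, by_az = [], {}
    for mt in mount_targets:
        by_az.setdefault(mt["AvailabilityZoneName"], []).append(mt)
    for subnet_id, az in sorted(lambda_subnets.items()):
        targets = by_az.get(az)
        if not targets:
            findings.append(f"{subnet_id}: no mount target in {az}")
            continue
        for mt in targets:
            perms = [p for sg in mt["SecurityGroups"]
                     for p in sg_ingress.get(sg, [])]
            if not allows_nfs_from(perms, lambda_sgs):
                findings.append(f"{mt['MountTargetId']}: no inbound TCP 2049 from {sorted(lambda_sgs)}")
    return findings

# Constructed sample: one mount target in 1a whose group only allows SSH.
LAMBDA_SUBNETS = {"subnet-aaa": "us-east-1a", "subnet-bbb": "us-east-1b"}
LAMBDA_SGS = ["sg-lambda"]
MOUNT_TARGETS = [{"MountTargetId": "fsmt-111", "AvailabilityZoneName": "us-east-1a",
                  "SecurityGroups": ["sg-efs"]}]
SG_INGRESS = {"sg-efs": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                          "UserIdGroupPairs": [{"GroupId": "sg-lambda"}]}]}

if __name__ == "__main__":
    for finding in diagnose(LAMBDA_SUBNETS, LAMBDA_SGS, MOUNT_TARGETS, SG_INGRESS):
        print(finding)
```

An empty result means both checks passed for every Lambda subnet; the file system policy still has to be reviewed separately.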
Ineffective attempts
Common but ineffective approaches:
- 100% failure: Increasing Lambda timeout to 15 minutes doesn't fix the network connectivity issue; the mount attempt will still fail.
- 75% failure: Adding more subnets to the Lambda VPC config without ensuring they are in the same AZ as the EFS mount target may still fail.
- 90% failure: Using a public subnet without a NAT gateway for Lambda doesn't help because EFS mount targets require VPC internal connectivity.