Please fill in the following information:

Issue description

Step 6.4 details the rule to use for the Source is "Custom: 0.0.0.0/16".  This results in an issue when the kubelet tries to mount the EFS volume for the pod:

Jun 03 12:55:28 ip-10-1-0-233 kubenswrapper[2111]: E0603 12:55:28.298476    2111 kubelet.go:1948] "Unable to attach or mount volumes for pod; skipping pod" err="unmounted volumes=[etherpad-data], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition" pod="efs-etherpad/etherpad-54c8556d58-k2j4w"

This is because the SG rule given doesn't match the range for the EFS mount target so the inbound traffic 2049/tcp isn't being allowed.  The PV and PVC are created by successfully but the pod will be stuck in a "ContainerCreating" status.

Workaround:

Change the SG inbound source to be 0.0.0.0/0

This isn't good though since it would allow inbound traffic from all IPs.  Better to determine the mount target IP and use a range based on it.  Services > Storage > EFS > (filesystem ID)  > Network tab.  SEE screenshot for the IP address assigned in a sample availability zone.

Expected result:

Etherpad pod should be in a running state using the EFS volume.