Found it! So before I got this error:
Serverless Error ----------------------------------------
An error occurred: MyFunctionLambdaFunction - EFS file system arn:aws:elasticfilesystem:eu-west-1:<account-id>:file-system/<fs-code> referenced by access point arn:aws:elasticfilesystem:eu-west-1:<account-id>:access-point/<fsap-code> has mount targets created in all availability zones the function will execute in, but not all are in the available life cycle state yet. Please wait for them to become available and try the request again. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 5dd189ac-b6a9-42ef-a8e6-7dba88019d12; Proxy: null).
I got it working by adding an additional DependsOn attribute on the AccessPoint as suggested here. The serverless yaml then looks something like this:
frameworkVersion: '2'
provider:
name: aws
stage: ${opt:stage, 'dev'}
region: eu-west-1
lambdaHashingVersion: 20201221
functions:
myFunction:
handler: some_handler
fileSystemConfig:
localMountPath: /mnt/efs
arn: !GetAtt AccessPoint.Arn
vpc:
securityGroupIds:
- !GetAtt Vpc.DefaultSecurityGroup
subnetIds:
- !Ref SubnetA
- !Ref SubnetB
- !Ref SubnetC
resources:
Resources:
Vpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 172.31.0.0/16
EnableDnsHostnames: True
EnableDnsSupport: True
SubnetA:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 172.31.1.0/24
VpcId: !Ref Vpc
AvailabilityZone: "${self:provider.region}a"
SubnetB:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 172.31.2.0/24
VpcId: !Ref Vpc
AvailabilityZone: "${self:provider.region}b"
SubnetC:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 172.31.3.0/24
VpcId: !Ref Vpc
AvailabilityZone: "${self:provider.region}c"
ElasticFileSystem:
Type: AWS::EFS::FileSystem
Properties:
Encrypted: true
PerformanceMode: generalPurpose
FileSystemPolicy:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "elasticfilesystem:ClientMount"
- "elasticfilesystem:ClientWrite"
Principal:
AWS: "*"
AccessPoint:
Type: AWS::EFS::AccessPoint
Properties:
FileSystemId: !Ref ElasticFileSystem
PosixUser:
Uid: "1000"
Gid: "1000"
RootDirectory:
CreationInfo:
OwnerGid: "1000"
OwnerUid: "1000"
Permissions: "0777"
Path: "/my-data"
DependsOn:
- MountTargetA
- MountTargetB
- MountTargetC
MountTargetA:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref ElasticFileSystem
SecurityGroups:
- !GetAtt Vpc.DefaultSecurityGroup
SubnetId: !Ref SubnetA
MountTargetB:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref ElasticFileSystem
SecurityGroups:
- !GetAtt Vpc.DefaultSecurityGroup
SubnetId: !Ref SubnetB
MountTargetC:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref ElasticFileSystem
SecurityGroups:
- !GetAtt Vpc.DefaultSecurityGroup
SubnetId: !Ref SubnetC