ECS: Mount EFS volume


I want to be able to create an EFS volume and mount it in a docker container with CDK.

I tried figuring out how to use an Access Point but can’t figure out how to specify the AP ID in a Volume definition. Don’t see anything about access points in ECS docs. I tried creating an EFS volume and mounting it but I can’t write to it and I have no way to change the permissions. I’m using a community docker image I’d rather use as-is without modifying.

Surely this is a common use case - create a writeable persistent volume and mount it.

Use Case

I’m building this - https://github.com/jetbridge/lemmy-cdk

Proposed Solution

A way to mount an EFS access point in a fargate task definition or a way to mount the entire EFS volume as writeable.

Other

    const fs = new FileSystem(this, "FS", {
      vpc,
      encrypted: true,
      lifecyclePolicy: LifecyclePolicy.AFTER_60_DAYS,
      performanceMode: PerformanceMode.GENERAL_PURPOSE,
      removalPolicy: RemovalPolicy.RETAIN,
      fileSystemName: "LemmyFS",
      enableAutomaticBackups: false,
    });

    const assetVolume: Volume = {
      efsVolumeConfiguration: {
        fileSystemId: fs.fileSystemId,
      },
      name: "assets",
    };


    const container = taskDef.addContainer(PICTRS_NAME, {
      image: ContainerImage.fromRegistry(PICTRS_IMAGE),
      logging: LogDriver.awsLogs({ streamPrefix: PICTRS_NAME }),
      environment: { PICTRS_PATH: "/mnt/assets" },
    });
    // mount asset storage volume
    container.addMountPoints({
      sourceVolume: assetVolume.name,
      containerPath: "/mnt/assets",
      readOnly: false,
    });

This is a 🚀 Feature Request

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 3
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

2 reactions
Kitenite commented, Nov 20, 2022

Since this was frustrating for me and I don’t see the full solution here, here’s what worked for me. Permission needs to be added and access point mounts need to be created. See example below:

  
    mountDirectoryToContainers() {
        const sourceVolume = "SdSourceVolume";
        const sourcePath = "/data";

        const fileSystem = new FileSystem(this, `${APP_NAME}FileSystem`, {
            vpc: this.vpc,
            encrypted: true,
            lifecyclePolicy: LifecyclePolicy.AFTER_14_DAYS,
            performanceMode: PerformanceMode.GENERAL_PURPOSE,
            throughputMode: ThroughputMode.BURSTING,
            removalPolicy: RemovalPolicy.DESTROY
        });

        fileSystem.connections.allowDefaultPortFrom(this.ecsService.connections);

        const efsAccessPoint = fileSystem.addAccessPoint('AccessPoint');
        efsAccessPoint.node.addDependency(fileSystem);

        const efsMountPolicy = (new PolicyStatement({
            actions: [
                'elasticfilesystem:ClientMount',
                'elasticfilesystem:ClientWrite',
                'elasticfilesystem:ClientRootAccess'
            ], 
            resources: [
                efsAccessPoint.accessPointArn,
                fileSystem.fileSystemArn
            ]
        }))

        this.taskDefinition.addToTaskRolePolicy(efsMountPolicy)
        // This policy permission is probably not necessary.
        this.taskDefinition.addToExecutionRolePolicy(efsMountPolicy)

        this.taskDefinition.addVolume({
            name: sourceVolume,
            efsVolumeConfiguration: {
                fileSystemId: fileSystem.fileSystemId,
                transitEncryption: 'ENABLED',
                authorizationConfig: {
                    accessPointId: efsAccessPoint.accessPointId,
                }
            },
        });

        this.downloadContainer.addMountPoints({
            containerPath: sourcePath,
            sourceVolume,
            readOnly: false,
        });
        
        this.inferenceContainer.addMountPoints({
            containerPath: sourcePath,
            sourceVolume,
            readOnly: false,
        });
    }
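
An added example, not part of the GitHub thread or of the CDK project's code: a dependency-free TypeScript check that audits an `efsVolumeConfiguration` and the task-role statements for the settings used in the issue and in the comment above. `auditEfsMount`, the finding codes and all IDs/ARNs are hypothetical placeholders; it assumes the documented ECS behaviour that the task role authorizes the mount only when `authorizationConfig.iam` is `ENABLED`.

```typescript
// Added example. Field names mirror the efsVolumeConfiguration shape used on
// this page; IDs and ARNs are constructed placeholders.
interface EfsVolume {
  fileSystemId: string;
  transitEncryption?: string;
  authorizationConfig?: { accessPointId?: string; iam?: string };
}
interface Statement { actions: string[]; resources: string[]; }

const ROOT_ACTIONS = ["elasticfilesystem:ClientRootAccess", "elasticfilesystem:*", "*"];

// Hypothetical helper: returns finding codes for one volume and the
// statements attached to the task role.
function auditEfsMount(vol: EfsVolume, taskRole: Statement[]): string[] {
  const findings: string[] = [];
  const add = (code: string) => { if (findings.indexOf(code) < 0) findings.push(code); };
  // No access point: the file system root is mounted as-is.
  if (!vol.authorizationConfig?.accessPointId) add("NO_ACCESS_POINT");
  if (vol.transitEncryption !== "ENABLED") add("NO_TRANSIT_ENCRYPTION");
  // Unless iam is ENABLED, the task role is not used to authorize the mount.
  if (vol.authorizationConfig?.iam !== "ENABLED") add("TASK_ROLE_NOT_USED");
  for (const s of taskRole) {
    if (s.actions.some((a) => ROOT_ACTIONS.indexOf(a) >= 0)) add("ROOT_ACCESS_GRANTED");
    if (s.resources.indexOf("*") >= 0) add("WILDCARD_RESOURCE");
  }
  return findings;
}

const FS_ARN = "arn:aws:elasticfilesystem:REGION:ACCOUNT:file-system/fs-EXAMPLE";
const AP_ARN = "arn:aws:elasticfilesystem:REGION:ACCOUNT:access-point/fsap-EXAMPLE";
const MOUNT = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"];

// Volume as written in the issue: file system ID only.
const issueVolume: EfsVolume = { fileSystemId: "fs-EXAMPLE" };
// Volume and policy as written in the comment above.
const commentVolume: EfsVolume = {
  fileSystemId: "fs-EXAMPLE",
  transitEncryption: "ENABLED",
  authorizationConfig: { accessPointId: "fsap-EXAMPLE" },
};
const commentPolicy: Statement[] = [
  { actions: MOUNT.concat("elasticfilesystem:ClientRootAccess"), resources: [AP_ARN, FS_ARN] },
];
// Tightened variant: IAM authorization on, no root access.
const tightVolume: EfsVolume = {
  fileSystemId: "fs-EXAMPLE",
  transitEncryption: "ENABLED",
  authorizationConfig: { accessPointId: "fsap-EXAMPLE", iam: "ENABLED" },
};
const tightPolicy: Statement[] = [{ actions: MOUNT, resources: [FS_ARN] }];

console.log(auditEfsMount(issueVolume, []));
console.log(auditEfsMount(commentVolume, commentPolicy));
console.log(auditEfsMount(tightVolume, tightPolicy));
```

Without `ClientRootAccess`, write access depends on the POSIX owner of the mounted directory, which an access point can set through its POSIX user and root-directory creation settings.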
2 reactions
JoelVenable commented, Aug 16, 2022

First, ensure you are using an up-to-date CDK version for the latest features.

I didn’t wind up going this direction so I don’t have a working example, but it looks like the pathway is:

  1. use the addVolume method on the TaskDefinition, and provide an efsVolumeConfiguration.
  2. use the addMountPoints method on the ContainerDefinition, ensuring the name property is the same between the two methods.