Attach Volume EFS in ECS
Solution 1
You need to open port 2049 inbound on the security group on the network interface and task definition. It was not automatically set up even though If you set it to create the security group for you.
Solution 2
It's been a while now but I've had the same issue and it was a bit confusing to understand how to proceed. When you create your EFS Volume, you choose a VPC and one Security Group to each Subnet.
You need to go to edit this Security Group to add an Inbound rule of type
NFS to allow access (tcp port 2049) to the Security Group Identifier of your ECS cluster service that you want to allow access to. For that, just select Custom in the source
field and type service's Security Group identifier on the text box.
For more information this article describes the whole process very well.
Solution 3
If you enabled IAM Authorization while associating the Task Definition to the volume, you also need to update its Task Execution Role. You need to attach the policies required to access EFS to it.
ramondea
Updated on June 21, 2022Comments
-
ramondea over 1 year
When trying to mount an EFS file system together with ECS, I get the following error:
ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: mount.nfs4: Connection reset by peer : unsuccessful EFS utils command execution; code: 32
My Stack:
--- AWSTemplateFormatVersion: "2010-09-09" Description: "Template Test" Outputs: FileSystemID: Description: "File system ID" Value: Ref: FileSystem Parameters: VolumeName: Default: myEFSvolume Description: "The name to be used for the EFS volume" MinLength: "1" Type: String Resources: ECSCluster: Properties: ClusterName: jenkins-cluster Type: "AWS::ECS::Cluster" EFSMountTarget1: Properties: FileSystemId: Ref: FileSystem SecurityGroups: - "sg-0082cea75ba714505" SubnetId: "subnet-0f0b0d3aaada62b6c" Type: "AWS::EFS::MountTarget" FileSystem: Properties: Encrypted: true FileSystemTags: - Key: Name Value: Ref: VolumeName PerformanceMode: generalPurpose Type: "AWS::EFS::FileSystem" JenkinsService: Type: "AWS::ECS::Service" Properties: Cluster: Ref: ECSCluster DesiredCount: 2 LaunchType: FARGATE NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: ENABLED SecurityGroups: - "sg-0082cea75ba714505" Subnets: - "subnet-0f0b0d3aaada62b6c" PlatformVersion: "1.4.0" ServiceName: JenkinsService TaskDefinition: Ref: JenkinsTaskDef JenkinsTaskDef: Type: "AWS::ECS::TaskDefinition" Properties: Cpu: 2048 Memory: 4096 Family: efs-example-task-fargate NetworkMode: awsvpc TaskRoleArn: "arn:xxxxx/ecs" ExecutionRoleArn: "arn:xxxxxx:role/ecs" RequiresCompatibilities: - FARGATE ContainerDefinitions: - Cpu: 1024 Memory: 2048 PortMappings: - HostPort: 8080 ContainerPort: 8080 - HostPort: 50000 ContainerPort: 50000 image: "xxxxxxx.dkr.ecr.us-east-1.amazonaws.com/sample:latest" mountPoints: - containerPath: /var/jenkins_home readOnly: false sourceVolume: myEfsVolume name: jenkins volumes: - name: myEfsVolume efsVolumeConfiguration: fileSystemId: Ref: FileSystem rootDirectory: /var/jenkins_home transitEncryption: ENABLED
I am performing according to documentation:
https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_EFSVolumeConfiguration.html
-
Ryan Nguyen almost 3 yearsYou may notice to ensure that your subnet is able to connect to your EFS volume.
-
Ruben Alves over 2 yearsFor me, it only worked when I removed all policies from the EFS file system. Bear in mind that what I did is just a temporary solution for testing purposes only.
-
arvymetal over 1 yearIndeed, in my case the ElasticFileSystem policy was missing! It is not mentioned in AWS troubleshooting doc: aws.amazon.com/fr/premiumsupport/knowledge-center/…. Thanks a lot!