Attaching an EFS file system to an ECS Task with Terraform

A useful guide with examples

Ilia Lazebnik
3 min read · Feb 9, 2020

Update: EFS support for Fargate is now generally available! + an example to get you started!

̶I̶f̶ ̶y̶o̶u̶ ̶s̶t̶u̶m̶b̶l̶e̶d̶ ̶u̶p̶o̶n̶ ̶t̶h̶i̶s̶ ̶g̶u̶i̶d̶e̶ ̶w̶h̶i̶l̶e̶ ̶l̶o̶o̶k̶i̶n̶g̶ ̶u̶p̶ ̶h̶o̶w̶ ̶t̶o̶ ̶u̶s̶e̶ ̶E̶F̶S̶ ̶w̶i̶t̶h̶ ̶A̶W̶S̶ ̶F̶a̶r̶g̶a̶t̶e̶,̶ ̶u̶n̶f̶o̶r̶t̶u̶n̶a̶t̶e̶l̶y̶ ̶i̶t̶ ̶i̶s̶ ̶n̶o̶t̶ ̶s̶u̶p̶p̶o̶r̶t̶e̶d̶ ̶y̶e̶t̶ ̶(̶a̶t̶ ̶t̶h̶e̶ ̶t̶i̶m̶e̶ ̶o̶f̶ ̶w̶r̶i̶t̶i̶n̶g̶)̶.̶

AWS recently made it possible to attach an EFS file system as a volume to an ECS task without configuring the underlying EC2 instance (and Fargate); that's very convenient.

For reference, before this solution was introduced, you would have to add something along these lines to your EC2 user data:

sudo yum install -y amazon-efs-utils
mkdir /home/test
sudo mount -t efs -o tls ${efs_mount_target.mount_target_dns}:/ /home/test

Other than the fact that it's another thing to take care of, you have to be aware of which Availability Zone an EC2 instance is launched into, as well as the corresponding mount target (if the EFS is created across multiple AZs). If your application is latency sensitive or needs to be highly available, you need to make sure it's configured properly.
This new method to mount an EFS volume greatly simplifies things, as it allows us to take the EC2 configuration out of the equation. It also gives us a uniform method to attach an EFS volume for all ECS launch types.

This guide is based on the AWS tutorial on how to attach an EFS file system to an ECS task using the new integration introduced in Jan 2020. We’ll be provisioning an ECS cluster with 2 containers (for high availability), each running an nginx that serves some static files; the nginx conf file and the static files to serve will be placed on an EFS file system shared across all running containers.

Some background on the services used in the guide before diving in:

  • VPC (Virtual Private Cloud): A virtual network that is a logically isolated section of the AWS Cloud. It allows you to launch AWS resources into a virtual network that you’ve defined.
  • EFS (Elastic File System): A fully managed elastic NFS file system that can be connected to multiple EC2 instances (and containers) as a shared file system. This can be used to allow multiple resources to process multiple files from a single location, instead of replicating them across all processing resources.
  • ECS (Elastic Container Service): A fully managed container orchestration service.

Let's get down to some actual code.

We’ll start with a VPC to host our EFS file system and ECS cluster:

For simplicity, I used a single subnet in a single Availability Zone - but in real life, it would be at least 2 subnets spanning 2 AZs. This note applies to all upcoming resources in the guide.

Now, we create the EFS file system and mount target to allow access to resources that will be provisioned in the subnet created in the previous section:

Finally, we can add the ECS-related resources with a task configured to mount an EFS volume:

Here is what you need to change to get this to work on Fargate:

Set the platform version to “1.4.0”.
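The EFS and ECS steps above, sketched as an added example for the Fargate case; this is not the author's original code. All variable and resource names are hypothetical, and it assumes an existing cluster, a subnet from which tasks can pull the image, and two security groups where the EFS one allows TCP 2049 (NFS) only from the task one. The read-only mount is also an assumption, chosen because nginx only serves the files.

```hcl
# Added example; all names are hypothetical and the inputs are assumed to exist.
variable "subnet_id" { type = string }
variable "cluster_arn" { type = string }
variable "task_sg_id" { type = string } # security group attached to the tasks
variable "efs_sg_id" { type = string }  # allows TCP 2049 (NFS) from task_sg_id only

resource "aws_efs_file_system" "shared" {
  encrypted = true # encryption at rest
}

resource "aws_efs_mount_target" "shared" {
  file_system_id  = aws_efs_file_system.shared.id
  subnet_id       = var.subnet_id
  security_groups = [var.efs_sg_id]
}

resource "aws_ecs_task_definition" "nginx" {
  family                   = "nginx-efs"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  container_definitions = jsonencode([{
    name        = "nginx"
    image       = "nginx"
    mountPoints = [{ sourceVolume = "shared", containerPath = "/usr/share/nginx/html", readOnly = true }]
  }])
  volume {
    name = "shared"
    efs_volume_configuration {
      file_system_id     = aws_efs_file_system.shared.id
      transit_encryption = "ENABLED" # TLS in transit, like `-o tls` in the user-data mount
    }
  }
}

resource "aws_ecs_service" "nginx" {
  name             = "nginx-efs"
  cluster          = var.cluster_arn
  task_definition  = aws_ecs_task_definition.nginx.arn
  desired_count    = 2
  launch_type      = "FARGATE"
  platform_version = "1.4.0" # the Fargate change described above
  depends_on       = [aws_efs_mount_target.shared] # tasks cannot mount before the target exists
  network_configuration {
    subnets         = [var.subnet_id]
    security_groups = [var.task_sg_id]
  }
}
```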

That's all, folks! In three easy steps we can mount an EFS file system to multiple ECS tasks using Terraform.

Feel free to comment or ask questions about any of the above. Note that I haven't mentioned EC2-related resources as they were not crucial to the purposes of this guide; if requested, I'll add them.