
Attach Volume EFS in ECS

When trying to mount an EFS file system together with ECS, I get the following error:

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: mount.nfs4: Connection reset by peer : unsuccessful EFS utils command execution; code: 32

My Stack:

--- 
  AWSTemplateFormatVersion: "2010-09-09"
  Description: "Template Test"
  Outputs: 
    FileSystemID: 
      Description: "File system ID"
      Value: 
        Ref: FileSystem
  Parameters: 
    VolumeName: 
      Default: myEFSvolume
      Description: "The name to be used for the EFS volume"
      MinLength: "1"
      Type: String
  Resources: 
    ECSCluster: 
      Properties: 
        ClusterName: jenkins-cluster
      Type: "AWS::ECS::Cluster"
    EFSMountTarget1: 
      Properties: 
        FileSystemId: 
          Ref: FileSystem
        SecurityGroups: 
          - "sg-0082cea75ba714505"
        SubnetId: "subnet-0f0b0d3aaada62b6c"
      Type: "AWS::EFS::MountTarget"
    FileSystem: 
      Properties: 
        Encrypted: true
        FileSystemTags: 
          - Key: Name
            Value: 
              Ref: VolumeName
        PerformanceMode: generalPurpose
      Type: "AWS::EFS::FileSystem"
    JenkinsService: 
      Type: "AWS::ECS::Service"
      Properties: 
        Cluster: 
          Ref: ECSCluster
        DesiredCount: 2
        LaunchType: FARGATE
        NetworkConfiguration: 
          AwsvpcConfiguration:
            AssignPublicIp: ENABLED
            SecurityGroups: 
              - "sg-0082cea75ba714505"
            Subnets: 
              - "subnet-0f0b0d3aaada62b6c"
        PlatformVersion: "1.4.0"
        ServiceName: JenkinsService
        
        TaskDefinition: 
          Ref: JenkinsTaskDef
    JenkinsTaskDef: 
      Type: "AWS::ECS::TaskDefinition"
      Properties:
        Cpu: 2048
        Memory: 4096
        Family: efs-example-task-fargate
        NetworkMode: awsvpc
        TaskRoleArn: "arn:xxxxx/ecs"
        ExecutionRoleArn: "arn:xxxxxx:role/ecs"
        RequiresCompatibilities:
          - FARGATE 
        ContainerDefinitions: 
          - Cpu: 1024
            Memory: 2048
            PortMappings:
              - HostPort: 8080
                ContainerPort: 8080
              - HostPort: 50000
                ContainerPort: 50000
            Image: "xxxxxxx.dkr.ecr.us-east-1.amazonaws.com/sample:latest"
            MountPoints:
              - ContainerPath: /var/jenkins_home
                ReadOnly: false
                SourceVolume: myEfsVolume
            Name: jenkins
        # EFS volume referenced by SourceVolume above
        Volumes:
          - Name: myEfsVolume
            EFSVolumeConfiguration:
              FilesystemId:
                Ref: FileSystem
              RootDirectory: /var/jenkins_home
              TransitEncryption: ENABLED
    

I am proceeding according to the documentation:

https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_EFSVolumeConfiguration.html

ramondea asked Jul 30 '20 20:07


2 Answers

You need to open port 2049 inbound on the security group on the network interface and task definition. It was not automatically set up even if you set it to create the security group for you.

AWS PS answered Oct 04 '22 01:10


It's been a while now, but I've had the same issue and it was a bit confusing to understand how to proceed. When you create your EFS Volume, you choose a VPC and one Security Group for each Subnet.

You need to edit this Security Group to add an Inbound rule of type NFS to allow access (tcp port 2049) to the Security Group Identifier of your ECS cluster service that you want to allow access to. For that, just select Custom in the source field and type the service's Security Group identifier in the text box.

For more information, this article describes the whole process very well.

fagiani answered Oct 04 '22 00:10
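
The rule both answers describe, written as CloudFormation. This is an added example, not part of the original question or answers. The `VpcId` and `SubnetId` parameters and the logical names `TaskSecurityGroup` and `EfsSecurityGroup` are assumptions. It gives the mount target its own security group and admits NFS (TCP 2049) only from the task's security group, rather than from a CIDR range:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "EFS mount target reachable on NFS only from the ECS task security group (added example)"
Parameters:
  VpcId:                      # assumption: VPC that holds the subnet below
    Type: "AWS::EC2::VPC::Id"
  SubnetId:                   # assumption: subnet the Fargate tasks run in
    Type: "AWS::EC2::Subnet::Id"
Resources:
  FileSystem:
    Type: "AWS::EFS::FileSystem"
    Properties:
      Encrypted: true
      PerformanceMode: generalPurpose
  # Attach this group to the ECS service (AwsvpcConfiguration.SecurityGroups).
  TaskSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Jenkins Fargate tasks"
      VpcId:
        Ref: VpcId
  # Attach this group to the EFS mount target only.
  EfsSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "EFS mount targets: NFS from Jenkins tasks only"
      VpcId:
        Ref: VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049      # NFS, the port mount.nfs4 connects to
          ToPort: 2049
          SourceSecurityGroupId:
            Fn::GetAtt: [TaskSecurityGroup, GroupId]
  EFSMountTarget1:
    Type: "AWS::EFS::MountTarget"
    Properties:
      FileSystemId:
        Ref: FileSystem
      SubnetId:
        Ref: SubnetId
      SecurityGroups:
        - Fn::GetAtt: [EfsSecurityGroup, GroupId]
```

If the service and the mount target keep sharing one security group, as in the question's template, the equivalent is a single `AWS::EC2::SecurityGroupIngress` resource on that group whose `SourceSecurityGroupId` is the group itself.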