Menu
I'm trying to attach an ephemeral volume to a service that we run on Fargate, so it can generate some files before copying them into S3. When I launch the service without the volume information, the CloudFormation template is created successfully, and the service runs.
However, when putting the volume parameters, it fails with this error:
Model validation failed (#/Volumes: expected type: JSONArray, found: JSONObject #/ContainerDefinitions/0/MountPoints: expected type: JSONArray, found: JSONObject #/ContainerDefinitions/0/PortMappings/0/ContainerPort: expected type: Number, found: String)
And this is the template:
Cluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Join ['-', [!Ref Env, !Ref ShortServiceName, cluster]]
TaskDefinition:
Type: AWS::ECS::TaskDefinition
DependsOn: LogGroup
Properties:
Family: !Join ['-', [!Ref Env, !Ref ShortServiceName, 'taskdefinition']]
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
Cpu: !Ref Cpu
Memory: !Ref Memory
Volumes:
Name: !Ref VolumeName
DockerVolumeConfiguration:
Autoprovision: True
Scope: Task
ExecutionRoleArn: !Ref ExecutionRole
TaskRoleArn: !Ref TaskRole
ContainerDefinitions:
- Name: !Join ['-', [!Ref Env, !Ref ShortServiceName]]
Image: !Ref Image
RepositoryCredentials:
CredentialsParameter: !Ref RepositoryCredentials
PortMappings:
- ContainerPort: !Ref ContainerPort
MountPoints:
ContainerPath: "/app"
SourceVolume: !Ref VolumeName
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: !Ref AWS::Region
awslogs-group: !Ref LogGroup
awslogs-stream-prefix: ecs
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
Tags:
-
Key: Name
Value: !Join ['-', [!Ref ShortServiceName, 'app-sg']]
GroupDescription: !Join ['-', [!Ref ShortServiceName, ContainerSecurityGroup]]
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: !Ref ContainerPort
ToPort: !Ref ContainerPort
SourceSecurityGroupId: !Ref ManagementSecurityGroup
Service:
Type: AWS::ECS::Service
Properties:
ServiceName: !Ref ServiceName
Cluster: !Ref Cluster
TaskDefinition: !Ref TaskDefinition
DeploymentConfiguration:
MinimumHealthyPercent: 50
MaximumPercent: 200
DesiredCount: !Ref DesiredCount
LaunchType: FARGATE
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: DISABLED
Subnets:
- !Ref AppSubnetA
- !Ref AppSubnetB
SecurityGroups:
- !Ref ManagementSecurityGroup
- !Ref ContainerSecurityGroup
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Join ['/', [/ecs, !Ref Env, !Ref ServiceName]]
Outputs:
ContainerSecurityGroup:
Description: ContainerSecurityGroup
Value: !Ref ContainerSecurityGroup
I have searched high and low for the issue, yet haven't found anything related to the problem. Also, the ContainerPort parameter works fine as a string when not attaching the volume. I have also tried changing the type from String to Number but keep getting the same found JsonObject, whilst it was expecting JsonArray.
Could someone throw me in the right direction, please?
Cheers!
437
asked Oct 26 '25 02:10
MountPoints should be a list of MountPoint. Thus in you case it should be (note -):
MountPoints:
- ContainerPath: "/app"
SourceVolume: !Ref VolumeName
put it as an entire JSON Object, no quotes!. Example
MyRepo:
Type: AWS::ECR::Repository
Properties:
RepositoryName: my/repo
EncryptionConfiguration: {"encryptionType": "AES256"}
DeletionPolicy: Retain
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
