I set up an ECS Cluster with Terraform. Everything works great, but I have a few questions about it.
1. As far as I understood, an EFS volume doesn't need to be mounted to ECS instances. AWS allows us to mount an EFS volume folder directly to a container. Am I right?
    resource "aws_ecs_task_definition" "Task" {
      family                = var.ServiceName
      container_definitions = file("service.json")
      tags = {
        Name    = data.terraform_remote_state.Cluster.outputs.TagName
        Project = data.terraform_remote_state.Cluster.outputs.TagName
      }
      volume {
        name = "service-storage"
        efs_volume_configuration {
          file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
          root_directory = "/"
        }
      }
    }
root_directory here is the path inside the EFS volume to the folder that will be mounted into a container.
service.json:
    [
      {
        "name": "nginx13",
        "image": "nginx",
        "memory": 256,
        "mountPoints": [
          {
            "containerPath": "/usr/share/nginx/html",
            "sourceVolume": "service-storage"
          }
        ],
        "portMappings": [
          {
            "containerPort": 80
          }
        ]
      }
    ]
containerPath here is the path inside the container to the mount point where the root_directory folder will be mounted. So there is no parameter related to an ECS instance mount point or a path to it.
2. Before I create a new task, I need to create a folder on the EFS volume to mount containers to it later. Right now I can only use the root folder of the EFS volume because it is empty. So I am looking for a way to manage creating and deleting folders on EFS volumes with a Terraform template. That is the first part of the problem; the second part is putting files into that folder. What are the best practices for that? Should I use some kind of deployment solution like Jenkins, or could it be done just with Terraform? What about the EFS folder permissions? Do they need to be changed?
Use EFS Access Points: https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html
Access points work by creating a directory within the EFS. You can then set access permissions on that directory. This is probably better for what you're doing anyway as it gives you access control.
If a root directory path for an access point doesn't exist on the file system, Amazon EFS automatically creates that root directory with configurable ownership and permissions.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point
If this isn't a good fit:
I would recommend using Lambda.
You can write a Lambda in any language you're comfortable with that can mount the EFS, then have it create a directory. Then you can call this Lambda with a null_resource local-exec.
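To show the access-point approach end to end, here is an added Terraform example that combines the volume mount from the question with the aws_efs_access_point the answer recommends. It is not code from the question, the answer or any project; it assumes input variables efs_id, task_role_arn and service_name, a POSIX uid/gid of 1000, the directory path /service and mode 0750, and it reuses the question's service.json unchanged. The access point creates the directory with that owner and mode on first mount, the file system policy limits mounting to the task role through that access point only, and the task definition enables TLS in transit and IAM authorization so the policy is actually enforced.

```hcl
# Assumed inputs (not from the original post).
variable "efs_id"        { type = string }
variable "task_role_arn" { type = string }
variable "service_name"  { type = string }

# Look up the file system so the policy can reference its ARN.
data "aws_efs_file_system" "efs" {
  file_system_id = var.efs_id
}

# The access point creates /service on first use with the given owner and
# permissions, so no manual mkdir (and no Lambda) is needed. Every mount via
# this access point is forced to uid/gid 1000, whatever user the container
# process runs as.
resource "aws_efs_access_point" "service" {
  file_system_id = var.efs_id

  posix_user {
    uid = 1000
    gid = 1000
  }

  root_directory {
    path = "/service"
    creation_info {
      owner_uid   = 1000
      owner_gid   = 1000
      permissions = "0750"
    }
  }
}

# File system policy: only the task role, and only through this access
# point, may mount and write. ClientRootAccess is deliberately not granted.
data "aws_iam_policy_document" "efs" {
  statement {
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [data.aws_efs_file_system.efs.arn]
    principals {
      type        = "AWS"
      identifiers = [var.task_role_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "elasticfilesystem:AccessPointArn"
      values   = [aws_efs_access_point.service.arn]
    }
  }

  # Reject any client that is not using TLS in transit.
  statement {
    effect    = "Deny"
    actions   = ["*"]
    resources = [data.aws_efs_file_system.efs.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "efs" {
  file_system_id = var.efs_id
  policy         = data.aws_iam_policy_document.efs.json
}

resource "aws_ecs_task_definition" "task" {
  family                = var.service_name
  task_role_arn         = var.task_role_arn
  container_definitions = file("service.json") # the same file as in the question

  volume {
    name = "service-storage"
    efs_volume_configuration {
      file_system_id     = var.efs_id
      root_directory     = "/"       # must stay "/" when an access point is used
      transit_encryption = "ENABLED" # required for access points and IAM auth
      authorization_config {
        access_point_id = aws_efs_access_point.service.id
        iam             = "ENABLED"
      }
    }
  }
}
```

Two things to keep in mind with this layout: the container sees /service as the root of the volume, so containerPath in service.json maps onto /service, not onto the file system root; and the task role must be distinct from the execution role, since the ClientMount/ClientWrite grant is evaluated against the role the task runs as. The network path still needs the usual NFS (TCP 2049) security-group rule from the task's security group to the mount targets.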