amazon-web-services terraform amazon-ecs amazon-efs

How do I create a folder on EFS?


I set up an ECS Cluster with Terraform. Everything works great, but I have a few questions about it.

1. As far as I understood, an EFS volume doesn't need to be mounted to ECS instances. AWS allows us to mount an EFS volume folder directly to a container. Am I right?

resource "aws_ecs_task_definition" "Task" {
  family                = var.ServiceName
  container_definitions = file("service.json")
  tags = {
    Name    = data.terraform_remote_state.Cluster.outputs.TagName
    Project = data.terraform_remote_state.Cluster.outputs.TagName
  }
  volume {
    name = "service-storage"
    efs_volume_configuration {
      file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
      root_directory = "/"
    }
  }
}

root_directory here is the path inside the EFS volume to the folder that will be mounted into the container.

service.json

[
  {
    "name": "nginx13",
    "image": "nginx",
    "memory": 256,
    "mountPoints": [
      {
        "containerPath": "/usr/share/nginx/html",
        "sourceVolume": "service-storage"
      }
    ],
    "portMappings": [
      {
        "containerPort": 80
      }
    ]
  }
]

containerPath here is the path inside the container to the mount point where the root_directory folder will be mounted. So there is no parameter related to an ECS instance mount point or a path to it.

2. Before I create a new task, I need to create a folder on the EFS volume so that containers can mount it later. Right now I can only use the root folder of the EFS volume because it is empty. So I am looking for a way to manage creating and deleting folders on EFS volumes with a Terraform template. And this is the first part of the problem; the second part is to put files in that folder. What are the best practices for that? Should I use some kind of deployment solution like Jenkins, or could it be done just with Terraform? What about the EFS folder permissions? Do they need to be changed?


Solution

  • Use EFS Access Points: https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

    Access points work by creating a directory within the EFS. You can then set access permissions on that directory. This is probably better for what you're doing anyway as it gives you access control.

    If a root directory path for an access point doesn't exist on the file system, Amazon EFS automatically creates that root directory with configurable ownership and permissions.

    https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point

    If this isn't a good fit:

    I would recommend using Lambda.

    https://aws.amazon.com/blogs/compute/using-amazon-efs-for-aws-lambda-in-your-serverless-applications/

    You can write a Lambda in any language you're comfortable with that can mount the EFS. Then have it create a directory. Then you can call this Lambda with a null_resource local-exec.
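The access-point route from the answer, written out against the asker's own task definition, as an added example (this is not code from the question or the answer). It reuses the question's remote-state outputs (EfsVolumeId, TagName) and var.ServiceName; the directory path /service, the uid/gid 1000, the 0750 mode, the task role name and the data-source lookup of the file system ARN are assumptions made for the example. It also shows the two settings that turn the access point into an actual access-control boundary rather than just a directory: TLS in transit plus IAM authorization on the volume, and a file system policy that only admits the task role, only through this access point.

```hcl
# Added example, not from the original question or answer.
# Assumes: remote-state outputs EfsVolumeId and TagName as in the question,
# var.ServiceName, and that the tasks can reach the EFS mount targets on TCP 2049.

# Look up the file system so its ARN can be used in the policies below.
data "aws_efs_file_system" "cluster" {
  file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
}

# The access point creates /service on first mount with the owner and mode
# in creation_info, and every client that mounts through it is forced to act
# as uid/gid 1000 at the NFS level, whatever user the container process runs as.
resource "aws_efs_access_point" "service" {
  file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId

  posix_user {
    uid = 1000 # assumed; pick the uid your workload should own files as
    gid = 1000
  }

  root_directory {
    path = "/service" # assumed directory name
    creation_info {
      owner_uid   = 1000
      owner_gid   = 1000
      permissions = "0750"
    }
  }

  tags = {
    Name = "${data.terraform_remote_state.Cluster.outputs.TagName}-service"
  }
}

# Task role the containers run as; EFS checks the mount against this identity.
resource "aws_iam_role" "task" {
  name = "${var.ServiceName}-task" # assumed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ecs-tasks.amazonaws.com" }
    }]
  })
}

# File system policy: only the task role, only via this access point, and
# never over an unencrypted connection. ClientRootAccess is deliberately absent.
data "aws_iam_policy_document" "efs" {
  statement {
    sid       = "AllowTaskViaAccessPoint"
    effect    = "Allow"
    actions   = ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"]
    resources = [data.aws_efs_file_system.cluster.arn]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.task.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "elasticfilesystem:AccessPointArn"
      values   = [aws_efs_access_point.service.arn]
    }
  }

  statement {
    sid       = "DenyUnencryptedTransport"
    effect    = "Deny"
    actions   = ["*"]
    resources = [data.aws_efs_file_system.cluster.arn]
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_efs_file_system_policy" "cluster" {
  file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
  policy         = data.aws_iam_policy_document.efs.json
}

# Same task definition as the question; the volume now goes through the access
# point. root_directory must be "/" (or omitted) when an access point is used,
# because the access point supplies the path. authorization_config requires
# transit_encryption = "ENABLED".
resource "aws_ecs_task_definition" "Task" {
  family                = var.ServiceName
  container_definitions = file("service.json") # unchanged from the question
  task_role_arn         = aws_iam_role.task.arn

  volume {
    name = "service-storage"
    efs_volume_configuration {
      file_system_id     = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
      root_directory     = "/"
      transit_encryption = "ENABLED"
      authorization_config {
        access_point_id = aws_efs_access_point.service.id
        iam             = "ENABLED"
      }
    }
  }
}
```

Two things to check before applying this. Attaching a file system policy replaces the default "allow everything" behaviour, so any other client that currently mounts this file system without IAM, or through a different access point, will lose access unless the policy grants it explicitly. And the Lambda fallback in the answer does not actually avoid access points: Lambda's EFS integration (file_system_config on aws_lambda_function) only mounts via an access point ARN, so the access point is the building block either way; the Lambda route only adds value if you need to run arbitrary code against the directory after it exists, for example to seed it with files.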