i am trying to run an elasticsearch container inside an aws ecs fargate task (container). i have mounted an efs volume on container and want to map /usr/share/elasticsearch/data of elasticsearch to this volume. but when i run the task i get the following error since it's an ecs fargate task i can not access the underlying container (instance) so that if it's a permissions issue i can change those permissions on the run.
when i try to change the permissions through ecs container definition i.e Entry point ["sh","-c"] Command ["chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data"] i get permission denied error and when i use sudo with chown i get "sudo not found"
is there any solution to this i am stuck with it and i need data to persist so /usr/share/elasticsearch/data must be mapped to efs
since it's an ecs fargate task i can not access the underlying container (instance)
Actually you can, using ECS Exec
However, it sounds like your ECS Task simply doesn't have the permissions required to access the EFS volume. To fix that, you should crate an EFS Access Point for the EFS volume, configure the EFS mount settings in the ECS task to use the EFS Access Point, and configure the Access Point to use a specific Unix OwnerUid
and OwnerGiD
, and Permissions for all connections.
You should also make sure your ECS Task IAM Role has the following EFS permissions:
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:ClientRootAccess"