How do I create a folder on EFS?
I set up an ECS Cluster with Terraform. Everything works great, but I have a few questions about it.

1. As far as I understood, an EFS volume doesn't need to be mounted to ECS instances. AWS allows us to mount an EFS volume folder directly to a container. Am I right?

resource "aws_ecs_task_definition" "Task" {
  family                = var.ServiceName
  container_definitions = file("service.json")
  tags = {
    Name    = data.terraform_remote_state.Cluster.outputs.TagName
    Project = data.terraform_remote_state.Cluster.outputs.TagName
  }
  volume {
    name = "service-storage"
    efs_volume_configuration {
      file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId
      root_directory = "/"
    }
  }
}

root_directory here is the path inside of the EFS volume to the folder, which will be mounted to a container.

service.json

[
  {
    "name": "nginx13",
    "image": "nginx",
    "memory": 256,
    "mountPoints": [
      {
        "containerPath": "/usr/share/nginx/html",
        "sourceVolume": "service-storage"
      }
    ],
    "portMappings": [
      {
        "containerPort": 80
      }
    ]
  }
]

containerPath here is the path inside of the container to the mount point where the root_directory folder will be mounted. So there is no parameter related to an ECS instance mount point or path to it.

2. Before I create a new task, I need to create a folder on the EFS volume to mount containers to it later. Now, I can use only the root folder of the EFS volume because it is empty. So, I am looking for a way to manage creating and deleting folders on EFS volumes with a terraform template. And this is the first part of the problem, the second part is to put files in that folder. What are the best practices for that? Should I use some kind of deployment solution like Jenkins or it could be done just with Terraform? What about the EFS folder permissions? Do they need to be changed?

Memorable answered 8/4, 2020 at 1:22 Comment(1)
I have run into the same problem. Unfortunately there are no APIs to manage the content of an EFS. The only way to automatize this process with Terraform I can think of is to build a module that, for example, creates an ECS service, mounts the EFS and runs a custom image that modifies the permissions. All of this could be triggered by a lambda using Terraform's local-exec provider. Feels though like a complete overkill. – Tridactyl
C
4

Use EFS Access Points: https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

Access points work by creating a directory within the EFS. You can then set access permissions on that directory. This is probably better for what you're doing anyway as it gives you access control.

If a root directory path for an access point doesn't exist on the file system, Amazon EFS automatically creates that root directory with configurable ownership and permissions.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point

If this isn't a good fit:

I would recommend using lambda.

https://aws.amazon.com/blogs/compute/using-amazon-efs-for-aws-lambda-in-your-serverless-applications/

You can write a lambda in any language you're comfortable with that can mount the EFS. Then have it create a directory. Then you can call this lambda with a null resource local-exec.

Cattleman answered 8/10, 2020 at 18:16 Comment(6)
I created an access point, but the subdirectory in the EFS Volume was still not present. Am I missing something? Do you still have to manually create the directory? – Imperishable
Did you try mounting via the access point yet? The docs say do something like: mount -t efs -o tls,accesspoint=fsap-12345678 fs-12345678: /localmountpoint – Cattleman
Yes, that didn't seem to work for me either. The mount failed until I created the directory on EFS. Then the mount succeeded. This is OK, but it would be nice if that directory was created automatically when you create the access point. – Imperishable
Reading through this documentation with a closer eye makes it clear. You have to specify the owner and permissions when creating the access point. Otherwise the mount will fail. If you do have the owner and permissions specified, then the first mount successfully creates the directory. -> docs.amazonaws.cn/en_us/efs/latest/ug/efs-access-points.html – Imperishable
@Imperishable why do you link to the Chinese AWS documentation? – Remscheid
Ha, I have no idea @PaulMichalik – Imperishable
T
0

You can create AWS EFS Access Points programmatically. The official documentation provides details on how to set them up:

https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html

However, if you want Access Points to create the folder, you need to do the following:

  • Explicitly specify the owner and permissions for the folder.
  • The EFS must be mounted via the Access Point. Mounting it any other way will not create the folder.

I also recommend using the official Terraform module for managing EFS:

https://registry.terraform.io/modules/terraform-aws-modules/efs/aws/latest

Using this module, you can easily reference the Access Points in your infrastructure by utilizing the module’s outputs:

module.efs.access_points["<your access point name>"].id
Tade answered 9/10 at 8:21 Comment(0)
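
The two conditions discussed in the answers above (owner and permissions set on the access point, and mounting through the access point) can be written against the question's task definition as follows. This is an added example, not code from the question or the answers: the resource name `service`, the path `/nginx13` and the UID/GID `1000` are assumptions to adapt to the container's actual user.

```hcl
# Added example. The access point name, path and UID/GID are assumed values.
resource "aws_efs_access_point" "service" {
  file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId

  # POSIX identity that EFS enforces for every file operation made through
  # this access point, regardless of the user inside the container.
  posix_user {
    uid = 1000
    gid = 1000
  }

  root_directory {
    # Clients mounting through the access point see this directory as "/".
    path = "/nginx13"

    # Without creation_info EFS does not create the directory, and a mount
    # fails while the path is missing. With it, the first mount creates it.
    creation_info {
      owner_uid   = 1000
      owner_gid   = 1000
      permissions = "0755"
    }
  }
}

resource "aws_ecs_task_definition" "Task" {
  family                = var.ServiceName
  container_definitions = file("service.json")

  volume {
    name = "service-storage"

    efs_volume_configuration {
      file_system_id = data.terraform_remote_state.Cluster.outputs.EfsVolumeId

      # Transit encryption must be enabled when an access point is used.
      transit_encryption = "ENABLED"

      # root_directory is omitted: the access point's path is enforced.
      authorization_config {
        access_point_id = aws_efs_access_point.service.id
      }
    }
  }
}
```

Because the access point confines the task to its own directory and fixes the POSIX identity, each service can get a separate access point on a shared file system without being able to read the other services' folders.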
