-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ECS Task Definition needs additional parameters for EFS Access Points #13286
Comments
Is there a workaround for this? |
There was no workaround and my solution was to abandon EFS access points in favor of the older style of EFS direct file mounts. EFS Access Points are poorly supported across the board in TF and this is just one of the problems. On a somewhat unrelated note, I may abandon Fargate perhaps ECS altogether so the urgency of this ticket may be zero for me now. Even if I stick with Fargate, it is not urgent to use Access Points because direct mounting of the EFS file system works well. |
I thought EFS access points are required to make Fargate work with EFS? From the announcement:
That's from here: https://aws.amazon.com/about-aws/whats-new/2020/04/amazon-ecs-aws-fargate-support-amazon-efs-filesystems-generally-available I haven't been able to get it to work from terraform without the access point support, so unless I'm mistaken EFS+Fargate is currently not useable. |
@durist Just to confirm this isn't just you, I have also not been able to access EFS from Fargate and believe it is because EFS access points are required. |
Fyi I've updated my PR at #13136 to include the access point changes. |
It looks like access points were added in 2.63.0, but authorization_config still hasn't been added. I've confirmed that I can now mount an EFS filesystem in Fargate, but only as root, which is not ideal. |
Support for this functionality has been merged and will release with version 2.68.0 of the Terraform AWS Provider, later this week. Thanks to @jukie and others for the implementation. 👍 |
This has been released in version 2.68.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Description
AWS EFS access points are the most recent addition to EFS and are documented (here)[https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html].
Currently, the aws_ecs_task_definition does not have an authorization_config for the efs_volume_configuration. This means that an ecs_task_definition cannot create an EC2 nor Fargate instance connected to an EFS access point. This ticket requests adding authorization_config.
It is unclear if terraform defined ECS Task Definition and efs_colume_configuration work with Fargate. See the references below. It may be a separate issue but I need to use ECS Task Definition with Fargate. This ticket is a necessary pre-condition. To the extent that additional work is needed to make this all work with Fargate, that could be another ticket.
New or Affected Resource(s)
Potential Terraform Configuration
References
Requires this PR for aws_efs_access_point resource.
Requires This PR for ECS transit encryption to EFS because to use an access point with ECS (Fargate or EC2), transit encryption is required.
This ticket discusses the transit encryption request and makes some reference to needing authorizationConfig (which is this ticket).
The released TF docs here say the following
It may be a separate issue but I need to use ECS Task Definition with Fargate.
AWS task definition parameters for volumes are documented here
The text was updated successfully, but these errors were encountered: