skip to Main Content

I have a custom ECS AMI, running Debian 10. I launch the ECS-Agent as a container, as suggested in the docs here. Everything works fine.

Recently, I was asked to integrate EFS into the cluster, so that containers running within specific tasks would have access to shared, persistent storage.

I added the efs-utils package to the AMI build, as documented in the git repo. The instances themselves now automatically mount to EFS on boot, and users on the instances can read/write to the EFS mount.

However, tasks configured to use the efsVolumeConfiguration parameter in the task volume definition fail to get placed; the good old Container instance missing required attribute error.

Because the instances themselves have no problem mounting to EFS on boot, I’ve implemented a workaround using regular docker volumes, so the containers running in the task mount EFS on the host via normal docker volume, but I’d prefer to have the ECS -> EFS integration working properly.

When I run the ECS-CLI check-attributes command against any of the instances in my cluster I get:

ecs-cli check-attributes --task-def my-task --container-instances my-container-instance-id --cluster my-ecs-cluser
Container Instance                    Missing Attributes
my-container-instance-id  ecs.capability.efsAuth

And indeed, in the console, when I go cluster->instances->specific-instance->actions->view/edit attributes, all of the ecs.capability.xxx contain empty values.

When do these values get populated? How should I augment the AMI build so that these values get populated with the proper values?

Please let me know if you need any additional information.
Thanks in advance!

3

Answers


  1. Chosen as BEST ANSWER

    Apologies, I thought I marked this as the answer a long time ago.

    Answer from @bravinator932421

    I think I solved this. From github.com/aws/amazon-ecs-agent/blob/… I saw where to set efsAuth, so placing it in my config file at /etc/ecs/ecs.config: ECS_VOLUME_PLUGIN_CAPABILITIES=["efsAuth"] worked

    This also worked for me .


  2. I am not sure if this functionality of using EFS with ECS is supported on Debian based systems since the documentation 1 does not provide commands for Debian.

    Still, try these steps:

    1. Install efs utils and enable amazon-ecs-volume-plugin 1
    2. Add the tag manually: 2
      • Name=ecs.capability.efsAuth
      • Value=<empty>
    Login or Signup to reply.
  3. I had the same problem but I got it when trying out Bottlerocket, which apparently does not support encrypted EFS mounts. Removing the transit encryption requirement fixed it.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search