Here’s twtech’s complete guide to using data volumes with Amazon ECS, focusing on persistent storage with Amazon EFS (Elastic File System).
Amazon ECS – Data Volumes Overview
In ECS, volumes are used to persist data across container restarts and share data between containers. The most durable and scalable way to do this is using Amazon EFS, a fully managed network file system.
Why twtech Uses EFS with ECS
| Benefit | Description |
|---|---|
| Persistent storage | Data survives task restarts or replacements |
| Shared storage | Multiple ECS tasks can access the same files |
| Scalable & managed | Grows automatically, no provisioning |
| POSIX compliant | Works like a Linux file system |
| Multi-AZ support | High availability and durability |
ECS Volume Types (Summary)
| Volume Type | Description | Scope |
|---|---|---|
| Ephemeral | Lives only during task lifetime | Task-local |
| Bind Mount | Host-path mount (EC2-only) | ECS-EC2 only |
| EFS Volume | Durable, shared, elastic | Fargate & EC2 |
Architecture: ECS + EFS (Fargate or EC2)
# text
   +-------------+
   | twtech-User |
   +------+------+
          |
          ▼
   +-------------+
   | ECS Service |
   +--+-------+--+
      |       |
   +--▼--+ +--▼--+
   |Task1| |Task2|
   +--+--+ +--+--+
      |       |
+-----▼-------▼-----+
| Amazon EFS Volume |
+-------------------+
Setting Up ECS with EFS
Step 1: Create an EFS File System
- Via AWS Console or CLI
- Enable access points (optional, recommended for task isolation)
- Choose VPC and mount targets in each subnet
Step 2: Create ECS Task Definition with EFS Volume
Sample JSON snippet:
# json
{
  "volumes": [
    {
      "name": "twtech-efs-volume",
      "efsVolumeConfiguration": {
        "fileSystemId": "fs-12345xxx",
        "rootDirectory": "/twtech-app",
        "transitEncryption": "ENABLED"
      }
    }
  ],
  "containerDefinitions": [
    {
      "name": "twtechwebapp",
      "image": "twtech-web-app:latest",
      "mountPoints": [
        {
          "sourceVolume": "twtech-efs-volume",
          "containerPath": "/mnt/data"
        }
      ]
    }
  ]
}
transitEncryption: set to "ENABLED" so that the NFS connection between the task and EFS is encrypted.
Step 3: Networking Configuration
- Ensure ECS tasks are in the same VPC as the EFS mount targets
- Security groups:
  - EFS SG must allow inbound NFS (port 2049) from ECS tasks
  - ECS SG should be attached to task ENIs
✅ Fargate + EFS Support
Yes! Since 2020, Fargate supports mounting EFS volumes.
Requirements:
- Use awsvpc network mode (default for Fargate)
- Define volume in efsVolumeConfiguration
- No need for mounting tools — AWS manages it
Terraform Snippet – ECS Task with EFS
# hcl
resource "aws_ecs_task_definition" "twtech-efs-task" {
  family                   = "twtech-efs-task"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  execution_role_arn       = aws_iam_role.ecs_execution.arn
  task_role_arn            = aws_iam_role.ecs_task.arn

  volume {
    name = "twtech-efs-storage"

    efs_volume_configuration {
      file_system_id     = aws_efs_file_system.twtech.id
      transit_encryption = "ENABLED"
    }
  }

  container_definitions = jsonencode([
    {
      name      = "twtechwebapp"
      image     = "twtech-web-app"
      essential = true
      mountPoints = [
        {
          sourceVolume  = "twtech-efs-storage"
          containerPath = "/mnt/data"
        }
      ]
    }
  ])
}
twtech Use Cases for EFS in ECS
| Use Case | Why EFS is Ideal |
|---|---|
| Web servers (e.g., twtech-web-app) | Serve shared content from EFS |
| Content management systems | Persistent storage for uploaded media |
| Machine learning models | Share large model files across tasks |
| Logs and archives | Keep logs even after task shutdown |
| File-based state sharing | Share state across multiple containers |
twtech Best Practices
- Use Access Points for task-level file system isolation
- Enable encryption in transit and at rest
- Monitor usage with Amazon CloudWatch + AWS CloudTrail
- Avoid storing millions of tiny files — EFS is better for large files or directories.
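
The access-point and transit-encryption practices above can be checked before a task definition is registered. The following Python is an added example, not code from the original post: `audit_efs_volumes` and `with_access_point` are hypothetical helper names, and `fsap-EXAMPLE` is a placeholder access point ID. It relies on the ECS rule that a volume mounted through an access point must have transit encryption enabled and `rootDirectory` omitted or set to `/`.

```python
import copy
import json

# Constructed input: the "volumes" block of this page's Step 2 task definition.
PAGE_SAMPLE = json.loads("""
{"volumes": [{"name": "twtech-efs-volume",
   "efsVolumeConfiguration": {"fileSystemId": "fs-12345xxx",
     "rootDirectory": "/twtech-app", "transitEncryption": "ENABLED"}}]}
""")

def audit_efs_volumes(task_def):
    """Return (volume_name, finding) pairs for every EFS volume in task_def."""
    findings = []
    for vol in task_def.get("volumes", []):
        efs = vol.get("efsVolumeConfiguration")
        if efs is None:
            continue  # ephemeral or bind-mount volume, nothing to check
        name = vol.get("name", "<unnamed>")
        auth = efs.get("authorizationConfig", {})
        encrypted = efs.get("transitEncryption") == "ENABLED"
        if not encrypted:
            findings.append((name, "transit encryption is not ENABLED"))
        if not auth.get("accessPointId"):
            findings.append((name, "no access point, so no per-task isolation"))
        else:
            if not encrypted:
                findings.append((name, "access point requires transit encryption"))
            if efs.get("rootDirectory", "/") != "/":
                findings.append((name, "rootDirectory must be '/' or omitted with an access point"))
    return findings

def with_access_point(task_def, volume_name, access_point_id):
    """Return a copy of task_def whose named EFS volume mounts through an access point."""
    fixed = copy.deepcopy(task_def)
    for vol in fixed.get("volumes", []):
        efs = vol.get("efsVolumeConfiguration")
        if efs is not None and vol.get("name") == volume_name:
            efs.pop("rootDirectory", None)  # the access point supplies the path
            efs["transitEncryption"] = "ENABLED"
            efs["authorizationConfig"] = {"accessPointId": access_point_id}
    return fixed

if __name__ == "__main__":
    print(audit_efs_volumes(PAGE_SAMPLE))
    # "fsap-EXAMPLE" is a placeholder, not a real access point ID.
    print(audit_efs_volumes(with_access_point(PAGE_SAMPLE, "twtech-efs-volume", "fsap-EXAMPLE")))
```

Encryption at rest is a property of the EFS file system itself, so it does not appear in the task definition and is not covered by this check.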