Amazon ECS with Persistent Data Volumes (EFS) - Overview.
Scope:
- Intro
- Amazon ECS – Data Volumes Overview
- Why twtech Uses EFS with ECS
- ECS Volume Types (Summary)
- Architecture of ECS + EFS (Fargate or EC2)
- Setting Up ECS with EFS
- Terraform sample Snippet – ECS Task with EFS (code)
- Use Cases for EFS in ECS
- Best Practices
Intro
- Here’s twtech's overview of using data volumes with Amazon ECS, focusing on persistent storage through Amazon EFS (Elastic File System) integration.
Amazon ECS – Data Volumes Overview
- In ECS, volumes are used to persist data across container restarts and share data between containers.
- The most durable and scalable way to do this is using Amazon EFS, a fully managed network file system.
Why twtech Uses EFS with ECS
| Benefit | Description |
| --- | --- |
| Persistent storage | Data survives task restarts or replacements |
| Shared storage | Multiple ECS tasks can access the same files |
| Scalable & managed | Grows automatically, no provisioning |
| POSIX compliant | Works like a Linux file system |
| Multi-AZ support | High availability and durability |
ECS Volume Types (Summary)
| Volume Type | Description | Scope |
| --- | --- | --- |
| Ephemeral | Lives only during task lifetime | Task-local |
| Bind Mount | Host-path mount (EC2-only) | ECS-EC2 only |
| EFS Volume | Durable, shared, elastic | Fargate & EC2 |
Architecture of ECS + EFS (Fargate or EC2)
Setting Up ECS with EFS
Step 1: Create an EFS File System
- Via AWS Console or CLI
- Enable access points (optional, recommended for task isolation)
- Choose VPC and mount targets in each subnet
Step 2: Create ECS Task Definition with EFS Volume
Sample JSON snippet:
# json
{
  "volumes": [
    {
      "name": "twtech-efs-volume",
      "efsVolumeConfiguration": {
        "fileSystemId": "fs-12345xxx",
        "rootDirectory": "/twtech-app",
        "transitEncryption": "ENABLED"
      }
    }
  ],
  "containerDefinitions": [
    {
      "name": "twtechwebapp",
      "image": "twtech-web-app:latest",
      "mountPoints": [
        {
          "sourceVolume": "twtech-efs-volume",
          "containerPath": "/mnt/data"
        }
      ]
    }
  ]
}
NB:
- transitEncryption is set to "ENABLED" so that traffic between the task and EFS is encrypted in transit.
Step 3: Networking Configuration
- Ensure ECS tasks are in the same VPC as the EFS mount targets
- Security groups:
  - EFS SG must allow inbound NFS (TCP port 2049) from the ECS tasks
  - ECS SG should be attached to task ENIs
✅ Fargate + EFS Support
Yes.
- Since 2020, Fargate supports mounting EFS volumes.
Requirements:
- Use awsvpc network mode (default for Fargate)
- Define volume in efsVolumeConfiguration
- No need for mounting tools — AWS manages it
Terraform sample Snippet – ECS Task with EFS (code)
# hcl
resource "aws_ecs_task_definition" "twtech-efs-task" {
  family                   = "twtech-efs-task"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "256"
  memory                   = "512"
  execution_role_arn       = aws_iam_role.ecs_execution.arn
  task_role_arn            = aws_iam_role.ecs_task.arn

  # EFS-backed volume; traffic to the file system is encrypted in transit
  volume {
    name = "twtech-efs-storage"
    efs_volume_configuration {
      file_system_id     = aws_efs_file_system.twtech.id
      transit_encryption = "ENABLED"
    }
  }

  # The container mounts the volume declared above at /mnt/data
  container_definitions = jsonencode([
    {
      name      = "twtechwebapp"
      image     = "twtech-web-app"
      essential = true
      mountPoints = [
        {
          sourceVolume  = "twtech-efs-storage"
          containerPath = "/mnt/data"
        }
      ]
    }
  ])
}
twtech Use Cases for EFS in ECS
| Use Case | Why EFS is Ideal |
| --- | --- |
| Web servers (e.g., twtech-web-app) | Serve shared content from EFS |
| Content management systems | Persistent storage for uploaded media |
| Machine learning models | Share large model files across tasks |
| Logs and archives | Keep logs even after task shutdown |
| File-based state sharing | Share state across multiple containers |
twtech Best Practices
- Use Access Points for task-level file system isolation
- Enable encryption in transit and at rest
- Monitor usage with Amazon CloudWatch + AWS CloudTrail
- Avoid storing millions of tiny files — EFS is better for large files or directories.
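The access-point and encryption-in-transit practices above can be checked mechanically before a task definition is registered. The following Python audit is an added example, not twtech's code; the finding names, the second volume and the `fsap-EXAMPLE` access point ID are constructed for illustration.

```python
import json

# Constructed sample: the page's volume plus a second volume that uses an access point.
# "twtech-efs-hardened" and "fsap-EXAMPLE" are placeholders, not values from the page.
SAMPLE_TASK_DEF = json.loads("""
{"volumes": [
  {"name": "twtech-efs-volume", "efsVolumeConfiguration": {
     "fileSystemId": "fs-12345xxx", "rootDirectory": "/twtech-app",
     "transitEncryption": "ENABLED"}},
  {"name": "twtech-efs-hardened", "efsVolumeConfiguration": {
     "fileSystemId": "fs-12345xxx", "transitEncryption": "ENABLED",
     "authorizationConfig": {"accessPointId": "fsap-EXAMPLE"}}}],
 "containerDefinitions": [
  {"name": "twtechwebapp", "image": "twtech-web-app:latest", "mountPoints": [
     {"sourceVolume": "twtech-efs-volume", "containerPath": "/mnt/data"}]}]}
""")

def audit_efs_volumes(task_def):
    """Return sorted (volume_name, finding) pairs for the EFS volumes of a task definition."""
    findings = []
    volumes = task_def.get("volumes", [])
    for vol in volumes:
        efs = vol.get("efsVolumeConfiguration")
        if efs is None:
            continue  # ephemeral or bind-mount volume, out of scope here
        name = vol.get("name", "<unnamed>")
        auth = efs.get("authorizationConfig", {})
        # ECS treats an omitted transitEncryption as DISABLED
        encrypted = efs.get("transitEncryption", "DISABLED") == "ENABLED"
        if not encrypted:
            findings.append((name, "transit-encryption-disabled"))
        if not auth.get("accessPointId"):
            findings.append((name, "no-access-point"))
        elif efs.get("rootDirectory", "/") != "/":
            # With an access point, rootDirectory must be omitted or "/"
            findings.append((name, "root-directory-conflicts-with-access-point"))
        if auth and not encrypted:
            findings.append((name, "authorization-config-requires-transit-encryption"))
    defined = {v.get("name") for v in volumes}
    for container in task_def.get("containerDefinitions", []):
        for mp in container.get("mountPoints", []):
            src = mp.get("sourceVolume", "<missing>")
            if src not in defined:
                findings.append((src, "mount-point-references-undefined-volume"))
    return sorted(findings)

if __name__ == "__main__":
    for volume, finding in audit_efs_volumes(SAMPLE_TASK_DEF):
        print(f"{volume}: {finding}")
```

Run against the page's sample volume, the audit reports only the missing access point; the constructed hardened volume passes cleanly.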