The easiest way to use EFS volumes with ECS

Finally, AWS released the ECS support for Docker volume drivers and volume plugins. You can now use volume plugins like Rexray or Portworx to automatically mount EBS or EFS volumes. But if you just want to use an EFS volume, there’s an easier way.

Mount EFS volumes by using Docker’s local volume driver

First, create the EFS volume and open the settings. It shows you a link called “Amazon EC2 mount instructions”, which gives you all the information you need to mount the volume on an EC2 instance.

In the TaskDefinition, you can now add the new dockerVolumeConfiguration and use Docker’s built-in local driver. This volume driver accepts options similar to the Linux mount command.

You’ve to add “type”, “device” and “o” as driver options. The value of type is just “nfs”. The device option gets the EFS mount point. And the o option can be copied from the EFS instruction but you’ve to add “addr” with the DNS name of the EFS volume as well.

Here is how it should look at the end:

{
  "volumes": [
    {
      "name": "jenkins_home",
      "host": null,
      "dockerVolumeConfiguration": {
        "autoprovision": null,
        "labels": null,
        "scope": "task",
        "driver": "local",
        "driverOpts": {
          "type": "nfs",
          "device": "fs-1234abcd.efs.eu-west-1.amazonaws.com:/",
          "o": "addr=fs-1234abcd.efs.eu-west-1.amazonaws.com,nfsvers=4.0,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2"
        }
      }
    }
  ]
}

Update: It’s also supported in CloudFormation now. In this example, the ${FileSystem} points to an EFS FileSystem.

Please note, that CloudFormation force you to define a Label, even while the docs says it’s not required.

TaskDefinition:
  Type: AWS::ECS::TaskDefinition
  Properties:
    Volumes:
      - Name: jenkins_home
        DockerVolumeConfiguration:
          Driver: local
          DriverOpts:
            type: nfs
            device: !Sub "${FileSystem}.efs.${AWS::Region}.amazonaws.com:/"
            o: !Sub "addr=${FileSystem}.efs.${AWS::Region}.amazonaws.com,nfsvers=4.0,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2"
          Labels:
            foo: bar
          Scope: task

Update 2:
There’s a kernel bug which hasn’t been fixed in the ECS optimized AMI (tested with 2018.03.g). This leads to a deadlock when you start multiple tasks with an nfs volume at the same time (e.g. when updating the cluster).

The workaround is to use the nfs version 4.0 instead of 4.1 (I updated the snippets above)

For more information see:

• https://www.spinics.net/lists/linux-nfs/msg66321.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1506382