Terraform - 使用 efs 文件系统创建弹性容器服务:检查您的文件系统 ID 是否正确

Terraform - Creating elastic container service with efs file system: check that your file system ID is correct

为了持久化容器数据,我想将 EFS 与我的 docker 容器一起使用。 ECS 任务的启动类型是 fargate。启动任务时出现以下错误:

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-xxxxxx.efs.eu-central-1.amazonaws.com" - check that your file system ID is correct.

我的任务定义如下所示:

locals {
  username = jsondecode(data.aws_secretsmanager_secret_version.wordpress.secret_string)["username"]
  password = jsondecode(data.aws_secretsmanager_secret_version.wordpress.secret_string)["password"]
}

resource "aws_cloudwatch_log_group" "main" {
  name = "/ecs/wordpress-task"
}


resource "aws_ecs_task_definition" "wordpress" {
  family = "wordpress"

  volume {
    name = "wp"
    efs_volume_configuration {
      file_system_id = aws_efs_file_system.wordpress.id
      root_directory = "/wp"
      transit_encryption = "DISABLED"
    }
  }

  volume {
    name = "db"
    efs_volume_configuration {
      file_system_id = aws_efs_file_system.wordpress.id
      root_directory = "/db"
      transit_encryption = "DISABLED"
    }
  }

  network_mode = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  execution_role_arn =  aws_iam_role.ecs_task_execution_role.arn
  task_role_arn = aws_iam_role.ecs_task_role.arn
  cpu = 1024
  memory = 3072

  container_definitions = jsonencode([{
    name = "wordpress"
    image = "wordpress"
    essential = true
    cpu = 256
    memory = 512
    entryPoint = [ "sh", "-c"]
    command = ["ls -la /var/www/html"]
    mountPoints = [{
      sourceVolume = "wp"
      containerPath = "/var/www/html"
      readOnly = false
    }]
    environment = [{
      name = "WORDPRESS_DB_HOST"
      value = "127.0.0.1"}, 
    {
      name = "WORDPRESS_DB_USER"
      value = local.username
    },
    { 
      name = "WORDPRESS_DB_PASSWORD"
      value = local.password
    },
    {
      name = "WORDPRESS_DB_NAME"
      value = "wordpressdb"
    }]
    portMappings = [{
      protocol = "tcp"
      containerPort = 80
      hostPort = 80
    }]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        awslogs-group         = aws_cloudwatch_log_group.main.name
        awslogs-stream-prefix = "ecs"
        awslogs-region        = "eu-central-1"
      }}
  },
  {
    name = "db"
    image = "mysql"
    cpu = 256
    memory = 512
    essential = true
    environment = [{
      name = "MYSQL_DATABASE"
      value = "wordpressdb"}, 
    {
      name = "MYSQL_USER"
      value = local.username
    },
    {
      name = "MYSQL_PASSWORD"
      value = local.password
    }, 
    {
      name = "MYSQL_RANDOM_ROOT_PASSWORD"
      value = "1"
    }]
    mountPoints = [{
      sourceVolume = "db"
      containerPath = "/var/lib/mysql"
      readOnly = false
    }]
    portMappings = [{
      containerPort = 3306
      hostPort = 3306
    }]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        awslogs-group         = aws_cloudwatch_log_group.main.name
        awslogs-stream-prefix = "ecs"
        awslogs-region        = "eu-central-1"
      }
  }}
  ])
}

efs系统位于eu-central-1,定义如下:

resource "aws_efs_file_system" "wordpress" {
    creation_token = "wordpress"
}

我真的很想得到这个工作,关于这个问题的在线资源非常模糊。

我忘记为 efs 添加入站规则和挂载点:

 ingress { 
        description = "nfs"
        from_port = 2049
        to_port = 2049
        protocol = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }


   resource "aws_efs_mount_target" "wordpress_target" {
       count = length(aws_subnet.private)
       file_system_id  = aws_efs_file_system.wordpress.id
       subnet_id = aws_subnet.private[count.index].id
       security_groups = [aws_security_group.efs_wordpress_sg.id]
    }