4

Trying to launch a Fargate task that uses an EFS Volume.

When starting the task from ECS Console, I'm getting this error :

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-019a4b2d1774c5586.efs.eu-west-1.amazonaws.com" - check that your file system ID is correct, and ensure that the VPC has an EFS mount target for this file system ID. See https://docs.aws.amazon.com/console/efs/mount-dns-name for more detail. Attempting to lookup mount target ip address using botocore. Failed to import necessary dependency botocore, please install botocore first. : unsuccessful EFS utils command execution; code: 1

File system Id is correct. I've mounted the volume from an ec2 instance in the same VPC, all good.

Following steps defined here : https://aws.amazon.com/premiumsupport/knowledge-center/ecs-fargate-mount-efs-containers-tasks/?nc1=h_ls

I cannot figure out where to specify outbound rule for ECS service or task. See image

Thanks in advance.

user19205267
  • 71
  • 1
  • 6
  • "I cannot figure out where to specify outbound rule for ECS service or task". Go to the security group assigned to the service, and look at the outbound section. Although a "Failed to resolve" error sounds more like a DNS issue in your VPC to me. – Mark B May 26 '22 at 13:18
  • Thank you @MarkB, I've edited the security group assigned to ECS and added an outbound rule for NFS on port 2049. It works now. – user19205267 May 27 '22 at 07:34

2 Answers2

3

As @MarkB stated, i've edited the outbound rule and added the port 2049 (NFS) to the EFS security group, and it's workin fine.

user19205267
  • 71
  • 1
  • 6
0
  1. Basically the ECS'S security group should allow ssh in the ingress and nfs protocol on the port 2049 to the Securitygroup of the mount target and
  2. Mount target's security group should allow nfs protocol on the 2049 port.
Dilip kumar
  • 11
  • 1