I'm getting this error
Resource handler returned message: "EFS file system arn:aws:elasticfilesystem:us-west-2:999999999999:file-system/fs-0389f6268bc5e61a8 referenced by access point arn:aws:elasticfilesystem:us-west-2:999999999999:access-point/fsap-0ee6de7a6069fda4a does not have mount targets created in all availability zones the function will execute in. Please create EFS mount targets in availability zones where the function has a corresponding subnet provided. (Service: Lambda, Status Code: 400, Request ID: 5c4b694a-ba28-4a9f-8e1a-f1fde134f398)" (RequestToken: 85c51e18-d780-d8df-44d2-54c1194cea9f, HandlerErrorCode: InvalidRequest)
But I don't understand, because clearly I have set up the 3 AZs. Here's my template in its entirety:
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  pouchdb-sam-app
Transform:
- AWS::Serverless-2016-10-31
Parameters:
  FileSystemName:
    Type: String
    Default: TestFileSystem
Resources:
  MountTargetVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.31.0.0/16
      EnableDnsHostnames: True
      EnableDnsSupport: True
  MountTargetSubnetOne:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.1.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}a"
  MountTargetSubnetTwo:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.2.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}b"
  MountTargetSubnetThree:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.3.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}c"
  FileSystemResource:
    Type: 'AWS::EFS::FileSystem'
    Properties:
      PerformanceMode: maxIO
      Encrypted: true
      FileSystemTags:
        - Key: Name
          Value: !Ref FileSystemName
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "elasticfilesystem:ClientMount"
            Principal:
              AWS: "*"
  MountTargetResource1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetOne
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  MountTargetResource2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetTwo
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  MountTargetResource3:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetThree
      SecurityGroups:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
  AccessPointResource:
    Type: 'AWS::EFS::AccessPoint'
    Properties:
      FileSystemId: !Ref FileSystemResource
      PosixUser:
        Uid: "1000"
        Gid: "1000"
      RootDirectory:
        CreationInfo:
          OwnerGid: "1000"
          OwnerUid: "1000"
          Permissions: "0777"
        Path: "/data"
  getAllItemsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/get-all-items.getAllItemsHandler
      Runtime: nodejs16.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Events:
        Api:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
      VpcConfig:
        SecurityGroupIds:
          - !GetAtt MountTargetVPC.DefaultSecurityGroup
        SubnetIds: [ !Ref MountTargetSubnetOne, !Ref MountTargetSubnetTwo, !Ref MountTargetSubnetThree ]
      FileSystemConfigs:
        - Arn: !GetAtt AccessPointResource.Arn
          LocalMountPath: "/mnt/data"
      Policies:
        - Statement:
            - Sid: AWSLambdaVPCAccessExecutionRole
              Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
                - ec2:CreateNetworkInterface
                - ec2:DescribeNetworkInterfaces
                - ec2:DeleteNetworkInterface
              Resource: "*"
            - Sid: AmazonElasticFileSystemClientFullAccess
              Effect: Allow
              Action:
                - elasticfilesystem:ClientMount
                - elasticfilesystem:ClientRootAccess
                - elasticfilesystem:ClientWrite
                - elasticfilesystem:DescribeMountTargets
              Resource: "*"
Outputs:
  WebEndpoint:
    Description: "API Gateway endpoint URL for Prod stage"
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"