Fargate EFS Issue: ResourceInitializationError: failed to invoke EFS utils

1

I have spent a number of hours working to setup EFS under ECS Fargate using the instructions in this post https://aws.amazon.com/blogs/aws/amazon-ecs-supports-efs/ and checked my JSON against the configure list https://docs.amazonaws.cn/en_us/AmazonECS/latest/developerguide/efs-volumes.html without success. I have deleted the recreated the cluster, EFS instance, VPC and security groups without success. I also tried adding an IAM role which didn't help. Not sure what to do next.

My current error is "ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: command failed with 32: failed to execute command to invoke EFS utils: mount.nfs4: Connection reset by peer" when I try to start the Service with the EFS Task Definition enabled. As I understand it, Fargate should initiate these calls in a wrapper around the service, so I don't need to create a custom container image that includes the EFS Utils. Let me know if that isn't the case.

Any suggestions on what the issue could be or things to test?

asked 4 years ago8694 views
4 Answers
0

Turns out you needed to open port 2049 inbound on the security group on the network interface and task definition. It was not automatically setup even though I had it create the security group for me.

answered 4 years ago
profile picture
SUPPORT ENGINEER
reviewed 2 years ago
0

Thanks for the problem and the solution. I was trying to figure it out for last 2 days.

-Chendil

Chendil
answered 4 years ago
0

For anyone who still facing this error.
Ensure the following configurations:

  • Security group: add an inbound rule to with type NFS and port 2049
  • Subnet: Ensure your network is able to connect to your EFS. you could check detail in EFS's networking
answered 3 years ago
0

I am new to ECS and Fargate, so I am probably missing something simple.

My task shows the error message in the OP. The inbound rule for the security group associated with the EFS device says:
NFS,TCP,2049,<another security group ID>.
I think that's correct.

I checked the Networking details for that EFS. It lists a Mount Target ID, Subnet ID, it's Available, and has an ENI and SG. How can I ensure that the network is "able to connect to the EFS"?

JeffVGE
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions