ECS - FSx FileSystemNotFound: File system does not exist

0

I have an ECS service which is of Launch Type EC2 owned by an AWS account A. Our IT team has created an FSx storage owned by an AWS Account B - see simple diagram here

When I try to launch tasks I get this error in the Stopped reason section of the task:

 Stopped reason
Fsx describing filesystem(s) from the service for [fs-0c52aba0aac20c744]: FileSystemNotFound: File system 'fs-0c52aba0aac20c744' does not exist.

I have attached these two policies to the EC2 (container host) instance:

  • AmazonFSxReadOnlyAccess (AWS Managed)
  • fsx_mount (Customer Managed)

fsx_mount:

{
    "Statement": [
        {
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:secretsmanager:us-west-2:111111111111:secret:dev/rushmore/ad-account-NKOkyh"
        },
        {
            "Action": [
                "fsx:*",
                "ds:DescribeDirectories"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:fsx:us-west-2:222222222222:file-system/fs-0c52aba0aac20c744"
        }
    ],
    "Version": "2012-10-17"
}

Note that the account id of 222222222222 represents AWS Account B. Also, VPC Peering is in place between the EC2 instance VPC and the FileSystem VPC.

Terraform aws_ecs_task_definition:

resource "aws_ecs_task_definition" "participants_task" {
  volume {
    name = "FSxStorage"
    fsx_windows_file_server_volume_configuration {
      file_system_id = "fs-0c52aba0aac20c744"
      root_directory = "\\data"

      authorization_config {
        credentials_parameter = aws_secretsmanager_secret_version.fsx_account_secret.arn
        domain                = var.domain
      }
    }
  }
  ...
}

I am not sure why ECS cannot find the FSx file system. Surely it must be because it is in another AWS account, but I don't know what changes are required in order to fix this.
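Added example (not part of the original question or the answer, and not AWS code): an offline review of the fsx_mount policy posted above. It flags Allow statements whose resource ARN is in a different account than the principal, actions whose service prefix does not match the resource ARN's service, and service-wide wildcard actions. The function names are hypothetical, and treating 111111111111 as the account that owns the EC2 instance role is an assumption.

```python
# Added example: offline lint of the fsx_mount policy copied from the question.
FSX_MOUNT = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
         "Resource": "arn:aws:secretsmanager:us-west-2:111111111111:secret:dev/rushmore/ad-account-NKOkyh"},
        {"Effect": "Allow", "Action": ["fsx:*", "ds:DescribeDirectories"],
         "Resource": "arn:aws:fsx:us-west-2:222222222222:file-system/fs-0c52aba0aac20c744"},
    ],
}

def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def parse_arn(arn):
    """Split arn:partition:service:region:account:resource; None for '*' or non-ARNs."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return None
    return {"service": parts[2], "account": parts[4]}

def review_policy(policy, principal_account):
    """Return (statement_index, finding, detail) tuples worth a manual review."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            arn = parse_arn(resource)
            if arn is None:
                continue
            # Some ARNs (e.g. S3 buckets) have an empty account field; skip those.
            if arn["account"] and arn["account"] != principal_account:
                findings.append((idx, "cross-account-resource", resource))
            for action in _as_list(stmt.get("Action", [])):
                prefix = action.split(":", 1)[0].lower()
                if prefix not in ("*", arn["service"]):
                    findings.append((idx, "service-mismatch", f"{action} on {arn['service']} ARN"))
                elif action.endswith(":*"):
                    findings.append((idx, "wildcard-action", action))
    return findings

if __name__ == "__main__":
    # 111111111111 as the instance role's account is an assumption, not stated on the page.
    for finding in review_policy(FSX_MOUNT, "111111111111"):
        print(finding)
```

The findings are prompts for review of the policy's scope, not a diagnosis of the FileSystemNotFound error.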

1 Answer
0

Hello,

I understand that you are facing the following error: 'fs-0c52aba0aac20c744' does not exist.

In order to troubleshoot the issue and narrow down the issue further, please check the following:

  1. Please confirm the security groups and verify that the ports listed on the following page are configured correctly. If ports are closed, you can’t mount an SMB share.

https://docs.aws.amazon.com/fsx/latest/WindowsGuide/limit-access-security-groups.html

Please let us know if you are facing the issue and we can help you in troubleshooting further.

AWS
SUPPORT ENGINEER
answered 2 years ago
