https://pulumi.com logo
Title
a

aloof-gigabyte-74853

11/15/2022, 8:34 PM
Hi everyone, I'm stuck on a problem with mapping an EFS volume to a Fargate Task in ECS. What happens is that it throws the following error during startup:
Error: EACCES: permission denied, open '/var/lib/ghost/content/logs/https___blog_test_production.error.log'
Any help is greatly appreciated! See inline comments for a snippet of the code.
l

little-cartoon-10569

11/15/2022, 8:37 PM
Hi Tyler. Could I ask you to edit this post? It's huge and makes the channel hard to work through. You could either summarize the problem in this post, then add the code in a thread under it. Or you could update the post to use Slack's Text Snippet feature, which makes the code collapsible (and adds syntax highlighting!)
a

aloof-gigabyte-74853

11/15/2022, 8:39 PM
Created a snippet instead.
f

fierce-ability-58936

11/15/2022, 8:50 PM
Your application container probably doesn't run under
gid: 65534,
      uid: 65534,
from the looks of it
l

little-cartoon-10569

11/15/2022, 8:52 PM
I can't see anything obviously wrong. Things I'd investigate: • use of KMS key (does ECS need to be given specific permissions? Maybe try with AWS's default key instead of your private one?) • uid/gid values (high5 Eugene)
f

fierce-ability-58936

11/15/2022, 8:56 PM
If it's uid/gid you can actually set them here on the infrastructure side (rather than doing it in the Dockerfile), see
user
here https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html
a

aloof-gigabyte-74853

11/15/2022, 8:57 PM
Yeah, those were some hail marys on my part trying to figure out wth was going on
starting there, will report back
Still a no go, but I've run into another issue. Will return to this and report back.
Found the issue, and its not Pulumi or ECS/Fargate/EFS 😄
l

little-cartoon-10569

11/16/2022, 1:19 AM
:high-five: