Accessing rexray/ebs volume from ECS host

Question

I've managed to follow https://aws.amazon.com/blogs/compute/amazon-ecs-and-docker-volume-drivers-amazon-ebs/ and run my Container-based service on ECS using rex-ray Docker volume plugin. I can see that my service is generating data inside the volume by logging into the Docker container using docker exec -it <id> /bin/sh

Is there a place on the host EC2 instance where I can check that data? Is the rex-ray volume mounted anywhere on the host instance?

I'm running a single node ECS cluster. I used the following Task definition. I declared sourcePath in host under volumes, but I don't see any outputs directory on the host container.

{
"ipcMode": null,
"executionRoleArn": null,
"containerDefinitions": [
    {
        "dnsSearchDomains": null,
        "environmentFiles": null,
        "logConfiguration": {
            "logDriver": "awslogs",
            "secretOptions": null,
            "options": {
                "awslogs-group": "/ecs/xxxxx",
                "awslogs-region": "us-east-1",
                "awslogs-stream-prefix": "ecs"
            }
        },
        "entryPoint": null,
        "portMappings": [],
        "command": null,
        "linuxParameters": null,
        "cpu": 0,
        "environment": [
            {
                "name": "save_path",
                "value": "/outputs"
            },
            {
                "name": "watchdog_limit",
                "value": "60"
            },
            {
                "name": "max_records_per_file",
                "value": "14400"
            }
        ],
        "resourceRequirements": null,
        "ulimits": null,
        "dnsServers": null,
        "mountPoints": [
            {
                "readOnly": null,
                "containerPath": "/outputs",
                "sourceVolume": "rexray_volume"
            }
        ],
        "workingDirectory": null,
        "secrets": null,
        "dockerSecurityOptions": null,
        "memory": null,
        "memoryReservation": 300,
        "volumesFrom": [],
        "stopTimeout": null,
        "image": "xxxxxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/xxxxxxxxx:1.1",
        "startTimeout": null,
        "firelensConfiguration": null,
        "dependsOn": null,
        "disableNetworking": null,
        "interactive": null,
        "healthCheck": null,
        "essential": true,
        "links": null,
        "hostname": null,
        "extraHosts": null,
        "pseudoTerminal": null,
        "user": null,
        "readonlyRootFilesystem": null,
        "dockerLabels": null,
        "systemControls": null,
        "privileged": null,
        "name": "Datafeed"
    }
],
"memory": null,
"taskRoleArn": null,
"family": "Xxxxxxxx",
"pidMode": null,
"requiresCompatibilities": [
    "EC2"
],
"networkMode": null,
"cpu": null,
"inferenceAccelerators": [],
"proxyConfiguration": null,
"volumes": [
    {
        "fsxWindowsFileServerVolumeConfiguration": null,
        "efsVolumeConfiguration": null,
        "name": "rexray_volume",
        "host": {
            "sourcePath": "/outputs"
        },
        "dockerVolumeConfiguration": {
            "autoprovision": true,
            "scope": "shared",
            "driver": "rexray/ebs",
            "driverOpts": {
                "volumetype": "gp3",
                "size": "20"
            }
        }
    }
],
"placementConstraints": [],
"tags": []

}

Answer 1

I managed to access the files. The device is already mounted to a path inside /var/lib/docker/plugins folder.

This can be identified using the command lsblk. Since the device is already mounted, it can't be mounted again to a different location, however, you can create a --bind mount to a more convenient location.

sudo mount --bind /var/lib/docker/plugins/xxxxxx/propagated-mount/volumes/rexray_vol outputs/

I do need to su to access the files though. Let me know if you have any better solution.

Answer 2

SSH into the EC2 instance and run lsblk command to find the data directory of the ECS service container.

Following is the task definition example if you want to know how to create a gp3 volume with IOPS and encryption specified:

resource "aws_ecs_task_definition" "postgres" {
  container_definitions    = ...
  family                   = "Postgres"
  requires_compatibilities = ["EC2"]
  network_mode             = "bridge"

  volume {
    name = "rexray_volume"

    docker_volume_configuration {
      scope         = "shared"
      autoprovision = false
      driver        = "rexray/ebs"
      driver_opts = {
        volumetype    = "gp3"
        size          = 20
        iops          = 3000
        encrypted     = true
        encryptionkey = "arn:aws:kms:us-east-1:111111111111:key/11111111-1111-1111-1111-11111111"
      }
    }
  }
}