Terraform - Creating elastic container service with efs file system: check that your file system ID is correct


For persisting container data I want to use an EFS with my docker containers. The launch type for the ECS task is fargate. I get the following error when launching the task:

ResourceInitializationError: failed to invoke EFS utils commands to set up EFS volumes: stderr: Failed to resolve "fs-xxxxxx.efs.eu-central-1.amazonaws.com" - check that your file system ID is correct.

and my task definition looks like this:

# Database credentials read from the JSON document stored in the
# "wordpress" Secrets Manager secret version.
# NOTE(review): values derived from a data source are written to the Terraform
# state, so the state backend needs the same protection as the secret itself.
locals {
  username = jsondecode(data.aws_secretsmanager_secret_version.wordpress.secret_string).username
  password = jsondecode(data.aws_secretsmanager_secret_version.wordpress.secret_string).password
}

# Log group that receives the awslogs output of both containers in the task.
resource "aws_cloudwatch_log_group" "main" {
  name = "/ecs/wordpress-task"
}


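# Fargate task (awsvpc networking) that runs WordPress and MySQL in one task.
# Each container persists its data in its own directory on the same EFS
# file system.
resource "aws_ecs_task_definition" "wordpress" {
  family = "wordpress"

  # EFS-backed volume for the WordPress document root.
  volume {
    name = "wp"
    efs_volume_configuration {
      file_system_id = aws_efs_file_system.wordpress.id
      root_directory = "/wp"
      # Encrypt the NFS traffic between the task and EFS with TLS; the
      # original "DISABLED" sent site files over the VPC in clear text.
      transit_encryption = "ENABLED"
    }
  }

  # EFS-backed volume for the MySQL data directory.
  volume {
    name = "db"
    efs_volume_configuration {
      file_system_id = aws_efs_file_system.wordpress.id
      root_directory = "/db"
      # Same reasoning as above: database files should not cross the
      # network unencrypted.
      transit_encryption = "ENABLED"
    }
  }

  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  task_role_arn            = aws_iam_role.ecs_task_role.arn
  cpu                      = 1024
  memory                   = 3072

  container_definitions = jsonencode([
    {
      name = "wordpress"
      # NOTE(review): an untagged image resolves to "latest"; pin a specific
      # tag or digest so every deployment runs a known, reviewed image.
      image     = "wordpress"
      essential = true
      cpu       = 256
      memory    = 512
      # Overrides the image entrypoint: the container only lists the mounted
      # directory and exits, it does not start WordPress.
      entryPoint = ["sh", "-c"]
      command    = ["ls -la /var/www/html"]
      mountPoints = [{
        sourceVolume  = "wp"
        containerPath = "/var/www/html"
        readOnly      = false
      }]
      # NOTE(review): values placed in `environment` are stored in plain text
      # in the registered task definition and are visible to anyone allowed
      # to describe it. The container-definition `secrets` field
      # (name + valueFrom pointing at the Secrets Manager secret) lets ECS
      # inject the credentials at start-up instead; that requires
      # secretsmanager:GetSecretValue on the task execution role.
      environment = [
        {
          # Containers of one awsvpc task share a network namespace, so the
          # database is reached over loopback.
          name  = "WORDPRESS_DB_HOST"
          value = "127.0.0.1"
        },
        {
          name  = "WORDPRESS_DB_USER"
          value = local.username
        },
        {
          name  = "WORDPRESS_DB_PASSWORD"
          value = local.password
        },
        {
          name  = "WORDPRESS_DB_NAME"
          value = "wordpressdb"
        }
      ]
      portMappings = [{
        protocol      = "tcp"
        containerPort = 80
        hostPort      = 80
      }]
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          awslogs-group         = aws_cloudwatch_log_group.main.name
          awslogs-stream-prefix = "ecs"
          awslogs-region        = "eu-central-1"
        }
      }
    },
    {
      name = "db"
      # NOTE(review): untagged image, see the note on the wordpress container.
      image     = "mysql"
      cpu       = 256
      memory    = 512
      essential = true
      # NOTE(review): same plain-text exposure as the WordPress credentials
      # above; prefer the `secrets` field for MYSQL_USER / MYSQL_PASSWORD.
      environment = [
        {
          name  = "MYSQL_DATABASE"
          value = "wordpressdb"
        },
        {
          name  = "MYSQL_USER"
          value = local.username
        },
        {
          name  = "MYSQL_PASSWORD"
          value = local.password
        },
        {
          name  = "MYSQL_RANDOM_ROOT_PASSWORD"
          value = "1"
        }
      ]
      mountPoints = [{
        sourceVolume  = "db"
        containerPath = "/var/lib/mysql"
        readOnly      = false
      }]
      # WordPress connects over 127.0.0.1, so this mapping only matters for
      # clients outside the task. NOTE(review): confirm the task's security
      # group does not admit 3306 from anywhere it should not.
      portMappings = [{
        containerPort = 3306
        hostPort      = 3306
      }]
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          awslogs-group         = aws_cloudwatch_log_group.main.name
          awslogs-stream-prefix = "ecs"
          awslogs-region        = "eu-central-1"
        }
      }
    }
  ])
}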

The efs system is located in eu-central-1 and is defined like this:

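# EFS file system that holds the WordPress files and the MySQL data directory.
resource "aws_efs_file_system" "wordpress" {
    creation_token = "wordpress"
    # Encrypt data at rest (AWS-managed key unless kms_key_id is set).
    # This can only be chosen at creation time: on a file system that already
    # exists, changing it makes Terraform replace the resource.
    encrypted = true
}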

I really want to get this working and online resources regarding this issue are very vague.


There are 1 answers

Matthias Herrmann On BEST ANSWER

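I forgot to add an inbound NFS rule to the EFS security group and a mount target for the file system. Without a mount target reachable from the task's subnet, the file system's DNS name does not resolve, which is what the error message reports: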

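 # Inbound NFS (TCP 2049) for the EFS mount targets.
 # The original rule used 0.0.0.0/0, which admits any source the network path
 # allows; only the tasks that mount the file system need this port.
 # Assumes the Fargate tasks run in aws_subnet.private. The tighter form is to
 # drop cidr_blocks and set `security_groups` to the ECS tasks' security group.
 ingress {
     description = "nfs"
     from_port   = 2049
     to_port     = 2049
     protocol    = "tcp"
     cidr_blocks = aws_subnet.private[*].cidr_block
 }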


   # One mount target per private subnet, so the file system's DNS name
   # resolves from those subnets. The attached security group decides
   # which sources may reach the mount targets.
   resource "aws_efs_mount_target" "wordpress_target" {
     count = length(aws_subnet.private)

     file_system_id  = aws_efs_file_system.wordpress.id
     subnet_id       = aws_subnet.private[count.index].id
     security_groups = [aws_security_group.efs_wordpress_sg.id]
   }