IA-1708: Swapping volume id to fs-id+md5(path)

Author: bushong1

examples/efs/efs.tf

@@ -0,0 +1,43 @@
+# Configure two EFS mounts, a security group, and some mount targets
+
+data "aws_vpc" "default" {
+  default = true
+}
+data "aws_subnet_ids" "default" {
+  vpc_id = data.aws_vpc.default.id
+}
+
+resource "aws_security_group" "efs" {
+  description = "easy-fargate-efs EFS"
+  vpc_id      = data.aws_vpc.default.id
+}
+
+resource "aws_efs_file_system" "efs-one" {
+  creation_token = "easy-fargate-efs-one"
+
+  tags = {
+    Name = "easy-fargate-efs-one"
+  }
+}
+
+resource "aws_efs_mount_target" "efs-one" {
+  for_each        = data.aws_subnet_ids.default.ids
+  file_system_id  = aws_efs_file_system.efs-one.id
+  subnet_id       = each.key
+  security_groups = [aws_security_group.efs.id]
+}
+
+resource "aws_efs_file_system" "efs-two" {
+  creation_token = "easy-fargate-efs-two"
+
+  tags = {
+    Name = "easy_fargate-efs-two"
+  }
+}
+
+resource "aws_efs_mount_target" "efs-two" {
+  for_each        = data.aws_subnet_ids.default.ids
+  file_system_id  = aws_efs_file_system.efs-two.id
+  subnet_id       = each.key
+  security_groups = [aws_security_group.efs.id]
+}

examples/efs/main.tf

@@ -1,24 +1,55 @@
-resource "aws_efs_file_system" "efs-task" {
-  creation_token = "my-efs-task"
-
-  tags = {
-    Name = "my-efs-task"
-  }
-}
-
 module "efs-task" {
   #source              = "USSBA/easy-fargate/aws"
   #version             = "~> 2.0"
   source = "../../"
 
-  name              = "my-efs-task"
-  container_image   = "ubuntu:latest"
-  container_command = ["curl", "https://www.google.com"]
+  name            = "easy-fargate-efs-task"
+  container_image = "ubuntu:latest"
+  container_command = ["bash", "-cx", <<-EOT
+     apt update;
+     apt install tree -y;
+     tree /mnt;
+     touch /mnt/one_a/foo-`date -Iminutes`;
+     tree /mnt;
+     touch /mnt/one_b/bar-`date -Iminutes`;
+     tree /mnt;
+     touch /mnt/two/baz-`date -Iminutes`;
+     tree /mnt;
+   EOT
+  ]
   efs_configs = [
+    # Mount 1: efs-one:/ => container:/mnt/one_a
+    # Mount 2: efs-one:/ => container:/mnt/one_b
+    #   Shares a task Volume with Mount 1
+    # Mount 3: efs-two:/ => container:/mnt/two
+    # Container will have access to directories:
+    #   /mnt/one_a
+    #   /mnt/one_b
+    #   /mnt/two
+    {
+      file_system_id = aws_efs_file_system.efs-one.id
+      root_directory = "/"
+      container_path = "/mnt/one_a"
+    },
+    {
+      file_system_id = aws_efs_file_system.efs-one.id
+      root_directory = "/"
+      container_path = "/mnt/one_b"
+    },
     {
-      file_system_id = aws_efs_file_system.efs-task.id
+      file_system_id = aws_efs_file_system.efs-two.id
       root_directory = "/"
-      container_path = "/mounted-efs"
-    }
+      container_path = "/mnt/two"
+    },
   ]
 }
+
+# Allow Fargate task into EFS
+resource "aws_security_group_rule" "allow_fargate_into_efs" {
+  type                     = "ingress"
+  from_port                = 2049
+  to_port                  = 2049
+  protocol                 = "tcp"
+  security_group_id        = aws_security_group.efs.id
+  source_security_group_id = module.efs-task.security_group_ids[0]
+}

main.tf

@@ -132,13 +132,13 @@ resource "aws_iam_role_policy" "ecs_task_execution_role_policy" {
 
 locals {
   efs_volumes = distinct([for config in var.efs_configs : {
-    vol_id         = md5("${config.file_system_id}-${config.root_directory}")
+    vol_id         = "${config.file_system_id}-${md5(config.root_directory)}"
     file_system_id = config.file_system_id
     root_directory = config.root_directory
   }])
   efs_mountpoints = [for config in var.efs_configs : {
     containerPath = config.container_path
-    sourceVolume  = md5("${config.file_system_id}-${config.root_directory}")
+    sourceVolume  = "${config.file_system_id}-${md5(config.root_directory)}"
     readOnly      = false
   }]
 }