Charles Dahab

Reputation: 91

AWS Fargate - Volumes

I am having a problem with my docker compose file. This is my docker compose file:

version: '3'

services:
  nginx-proxy:
    image: xxxxx.dkr.ecr.xxxxx.amazonaws.com/xxxx:latest
    container_name: "nginx-proxy"
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
...

This is the error:

ClientException: host.sourcePath should not be set for volumes in Fargate

My task Definition:

"mountPoints": [],
...
"volumes": [],
...
"readonlyRootFilesystem": false,

I also want my volume to be "read only".

Does anyone know which variable name I need to use in my docker compose file?

Can someone help me?

Thanks

Upvotes: 5

Views: 10599

Answers (1)

bluescores

Reputation: 4677

Does anyone know which variable name I need to use in my docker compose file?

Fargate does not allow you to specify the host or sourcePath for a bind mount. You can check the docs for bind volumes and the overview for Fargate task storage docs to learn more.

The big premise of Fargate is that it obfuscates the underlying host from the task, so you as an end user have very few options for interacting with the host - you can't SSH to it, you can't touch its filesystem. In the case of bind mounts, you can't specify the host because you don't know the name or location of the host at deploy time, and you can't further specify the sourcePath because you can't know anything about the file system on the host.

In the instance of trying to mount the docker.sock especially, that would give you access to every container running on the host, which likely belong to other accounts/AWS users. That would be very bad all around.

Can I use a bind mount with Fargate?

Yes. Though it might be of limited usefulness since you won't be able to access the file system of the underlying host to retrieve any files passed from the container to the host.

If the sourcePath value does not exist on the host container instance, the Docker daemon creates it.

So the answer for a bind mount is essentially to not specify host, and the Docker daemon will just create a path for you. Is that helpful? Probably not in your case.

Upvotes: 6
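
An added example (not part of the question or the answer above): a pre-deployment check in Python that flags, in an ECS task definition, the conditions discussed in this thread: host.sourcePath on a Fargate task, a Docker socket mount, and mount points without readOnly. The function name lint_fargate_volumes and the sample task definition are constructed for illustration; the field names follow the ECS task definition format.

```python
import json

# Constructed sample task definition (not from the original post).
SAMPLE_TASK_DEF = json.loads("""
{
  "requiresCompatibilities": ["FARGATE"],
  "volumes": [
    {"name": "docker-sock", "host": {"sourcePath": "/var/run/docker.sock"}},
    {"name": "scratch"}
  ],
  "containerDefinitions": [
    {
      "name": "nginx-proxy",
      "mountPoints": [
        {"sourceVolume": "docker-sock", "containerPath": "/tmp/docker.sock", "readOnly": true},
        {"sourceVolume": "scratch", "containerPath": "/data"},
        {"sourceVolume": "missing", "containerPath": "/x", "readOnly": true}
      ]
    }
  ]
}
""")

def lint_fargate_volumes(task_def):
    """Return a list of (severity, message) findings for a task definition dict."""
    findings = []
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        return findings  # host.sourcePath is only rejected for Fargate tasks
    names = set()
    for vol in task_def.get("volumes", []):
        names.add(vol.get("name"))
        src = (vol.get("host") or {}).get("sourcePath")
        if src:
            findings.append(("error", f"volume {vol.get('name')}: host.sourcePath {src} not allowed on Fargate"))
            if src.endswith("docker.sock"):
                findings.append(("error", f"volume {vol.get('name')}: exposes the Docker daemon socket"))
    for c in task_def.get("containerDefinitions", []):
        for mp in c.get("mountPoints", []):
            where = f"{c.get('name')}:{mp.get('containerPath')}"
            if mp.get("sourceVolume") not in names:
                findings.append(("error", f"{where}: unknown volume {mp.get('sourceVolume')}"))
            elif not mp.get("readOnly", False):
                findings.append(("warn", f"{where}: mount is writable (readOnly not set)"))
    return findings

if __name__ == "__main__":
    for severity, message in lint_fargate_volumes(SAMPLE_TASK_DEF):
        print(severity, message)
```

A volume declared with only a name and mounted with "readOnly": true produces no findings, which is the read-only form the question asks about.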
