feat(compose): Add EFS volume support to ECS Params.

ecs-cli/modules/utils/compose/convert_task_definition.go

@@ -262,42 +262,83 @@ func convertToECSSecrets(secrets []Secret) []*ecs.Secret {
 }
 
 func mergeVolumesWithoutHost(composeVolumes []string, ecsParams *ECSParams) ([]*ecs.Volume, error) {
-	volumesWithoutHost := make(map[string]DockerVolume)
+	volumesWithoutHost := make(map[string]Volume)
 	output := []*ecs.Volume{}
 
 	for _, volName := range composeVolumes {
-		volumesWithoutHost[volName] = DockerVolume{}
+		volumesWithoutHost[volName] = Volume{}
 	}
 
 	if ecsParams != nil {
 		for _, dockerVol := range ecsParams.TaskDefinition.DockerVolumes {
 			if dockerVol.Name != "" {
-				volumesWithoutHost[dockerVol.Name] = dockerVol
+				volumesWithoutHost[dockerVol.Name] = Volume{DockerVolumeConfig: dockerVol}
 			} else {
 				return nil, fmt.Errorf("Name is required when specifying a docker volume")
 			}
 		}
+		for _, efsVol := range ecsParams.TaskDefinition.EFSVolumes {
+			if efsVol.Name != "" {
+				volumesWithoutHost[efsVol.Name] = Volume{EFSVolumeConfig: efsVol}
+			}
+		}
 	}
-
+	var dVolCfg DockerVolume
+	var efsVolCfg EFSVolume
 	for volName, dVol := range volumesWithoutHost {
 		ecsVolume := &ecs.Volume{
 			Name: aws.String(volName),
 		}
-		if dVol.Name != "" {
+		dVolCfg = dVol.DockerVolumeConfig
+		efsVolCfg = dVol.EFSVolumeConfig
+		if dVolCfg.Name != "" {
 			ecsVolume.DockerVolumeConfiguration = &ecs.DockerVolumeConfiguration{
-				Autoprovision: dVol.Autoprovision,
+				Autoprovision: dVolCfg.Autoprovision,
+			}
+			if dVolCfg.Driver != nil {
+				ecsVolume.DockerVolumeConfiguration.Driver = dVolCfg.Driver
+			}
+			if dVolCfg.Scope != nil {
+				ecsVolume.DockerVolumeConfiguration.Scope = dVolCfg.Scope
+			}
+			if dVolCfg.DriverOptions != nil {
+				ecsVolume.DockerVolumeConfiguration.DriverOpts = aws.StringMap(dVolCfg.DriverOptions)
+			}
+			if dVolCfg.Labels != nil {
+				ecsVolume.DockerVolumeConfiguration.Labels = aws.StringMap(dVolCfg.Labels)
+			}
+		}
+		if efsVolCfg.Name != "" {
+			ecsVolume.EfsVolumeConfiguration = &ecs.EFSVolumeConfiguration{}
+			if efsVolCfg.FileSystemID != nil {
+				ecsVolume.EfsVolumeConfiguration.FileSystemId = efsVolCfg.FileSystemID
+			} else {
+				return nil, fmt.Errorf("file system id is required for efs volumes")
+			}
+			if efsVolCfg.RootDirectory != nil {
+				ecsVolume.EfsVolumeConfiguration.RootDirectory = efsVolCfg.RootDirectory
+			}
+			var transitEncryptionRequired = false
+			efsAuthCfg := &ecs.EFSAuthorizationConfig{}
+			if efsVolCfg.IAM != nil {
+				efsAuthCfg.Iam = efsVolCfg.IAM
+				if *efsVolCfg.IAM == "ENABLED" {
+					transitEncryptionRequired = true
+				}
 			}
-			if dVol.Driver != nil {
-				ecsVolume.DockerVolumeConfiguration.Driver = dVol.Driver
+			if efsVolCfg.AccessPointID != nil {
+				efsAuthCfg.AccessPointId = efsVolCfg.AccessPointID
+				transitEncryptionRequired = true
 			}
-			if dVol.Scope != nil {
-				ecsVolume.DockerVolumeConfiguration.Scope = dVol.Scope
+			ecsVolume.EfsVolumeConfiguration.AuthorizationConfig = efsAuthCfg
+			if efsVolCfg.TransitEncryption != nil {
+				ecsVolume.EfsVolumeConfiguration.TransitEncryption = efsVolCfg.TransitEncryption
 			}
-			if dVol.DriverOptions != nil {
-				ecsVolume.DockerVolumeConfiguration.DriverOpts = aws.StringMap(dVol.DriverOptions)
+			if transitEncryptionRequired && *efsVolCfg.TransitEncryption != "ENABLED" {
+				return nil, fmt.Errorf("Transit encryption is required when using IAM access or an access point")
 			}
-			if dVol.Labels != nil {
-				ecsVolume.DockerVolumeConfiguration.Labels = aws.StringMap(dVol.Labels)
+			if efsVolCfg.TransitEncryptionPort != nil {
+				ecsVolume.EfsVolumeConfiguration.TransitEncryptionPort = efsVolCfg.TransitEncryptionPort
 			}
 		}
 		output = append(output, ecsVolume)

ecs-cli/modules/utils/compose/ecs_params_reader.go

@@ -51,6 +51,7 @@ type EcsTaskDef struct {
 	ExecutionRole        string         `yaml:"task_execution_role"`
 	TaskSize             TaskSize       `yaml:"task_size"` // Needed to run FARGATE tasks
 	DockerVolumes        []DockerVolume `yaml:"docker_volumes"`
+	EFSVolumes           []EFSVolume    `yaml:"efs_volumes"`
 	PlacementConstraints []Constraint   `yaml:"placement_constraints"`
 }
 
@@ -73,6 +74,11 @@ type ContainerDef struct {
 	GPU                   string                 `yaml:"gpu"`
 }
 
+type Volume struct {
+	DockerVolumeConfig DockerVolume
+	EFSVolumeConfig    EFSVolume
+}
+
 type DockerVolume struct {
 	Name          string            `yaml:"name"`
 	Scope         *string           `yaml:"scope"`
@@ -82,6 +88,16 @@ type DockerVolume struct {
 	Labels        map[string]string `yaml:"labels"`
 }
 
+type EFSVolume struct {
+	Name                  string  `yaml:"name"`
+	FileSystemID          *string `yaml:"filesystem_id"` // Required
+	RootDirectory         *string `yaml:"root_directory"`
+	TransitEncryption     *string `yaml:"transit_encryption"` // Optional. default: DISABLED. options: ENABLED or DISABLED
+	TransitEncryptionPort *int64  `yaml:"transit_encryption_port"`
+	AccessPointID         *string `yaml:"access_point"`
+	IAM                   *string `yaml:"iam"` // default: DISABLED. options: ENABLED or DISABLED
+}
+
 // Firelens holds all possible fields for logging via Firelens
 // https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html
 type FirelensConfiguration struct {