Error with Jenkins ECS and EFS

Question

I'm trying to use Jenkins deploy to ECS with EFS. (/var/jenkins_home is mounted)

It seems all fine except when I deploy a service I get following error in the log:

touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
No newer events found at the moment. Retry.

Is there a way to fix this issue so I have enough permissions on /var/jenkins_home?

Answer 1

yeah, its kinda crazy, but a simple solution is just to run chown command on your efs file location. E.g if '/efs' is your EFS mount, simple run sudo chown 1000 efs/

should work just fine immediately after

Answer 2

just to add in @jonathan answer create a new docker file which overrides jenkins official image like so

from jenkins/jenkins

USER root


RUN chown -R 1000 /var

create new docker image docker build . this will create a new docker image which no longer suffers from EFS permission issues.

Answer 3

what worked for me was creating an access point to efs: https://github.com/aws-samples/serverless-jenkins-on-aws-fargate/blob/main/modules/jenkins_platform/efs.tf

here's my simplified solution based on source above:

resource "aws_efs_file_system" "jenkins" {
  creation_token = "jenkins"
  encrypted      = true

  lifecycle_policy {
    transition_to_ia = "AFTER_30_DAYS"
  }
  tags = {
    Name = "jenkins"
  }
}

resource "aws_efs_access_point" this {
  file_system_id = aws_efs_file_system.jenkins.id

  posix_user {
    gid = 0
    uid = 0
  }
  root_directory {
    path = "/"
    creation_info {
      owner_gid   = 1000 # jenkins
      owner_uid   = 1000 # jenkins
      permissions = "755"
    }
  }
  tags = {
    Name = "root"
  }
}

Ideally you want to use this module or fork it and make your own module.