Revert "fix: remove EFS from AWS stack - use S3 caching for storage instead"

This reverts commit fdb7286204.

src/model/cloud-runner/providers/aws/aws-job-stack.ts

@@ -126,6 +126,10 @@ export class AWSJobStack {
         ParameterKey: 'WorkingDirectory',
         ParameterValue: workingdir,
       },
+      {
+        ParameterKey: 'EFSMountDirectory',
+        ParameterValue: mountdir,
+      },
       ...secretsMappedToCloudFormationParameters,
     ];
     CloudRunnerLogger.log(

src/model/cloud-runner/providers/aws/cloud-formations/base-stack-formation.ts

@@ -52,6 +52,18 @@ Resources:
     Properties:
       BucketName: !Ref EnvironmentName
 
+  EFSServerSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: 'efs-server-endpoints'
+      GroupDescription: Which client ip addrs are allowed to access EFS server
+      VpcId: !Ref 'VPC'
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 2049
+          ToPort: 2049
+          SourceSecurityGroupId: !Ref ContainerSecurityGroup
+          #CidrIp: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
   # A security group for the containers we will run in Fargate.
   # Rules are added to this security group based on what ingress you
   # add for the cluster.
@@ -287,7 +299,48 @@ Resources:
                   - 'kinesis:PutRecord'
                 Resource: '*'
 
+  #####################EFS#####################
+  EfsFileStorage:
+    Type: 'AWS::EFS::FileSystem'
+    Properties:
+      BackupPolicy:
+        Status: ENABLED
+      PerformanceMode: maxIO
+      Encrypted: false
+
+      FileSystemPolicy:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Action:
+              - 'elasticfilesystem:ClientMount'
+              - 'elasticfilesystem:ClientWrite'
+              - 'elasticfilesystem:ClientRootAccess'
+            Principal:
+              AWS: '*'
+
+  MountTargetResource1:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId: !Ref EfsFileStorage
+      SubnetId: !Ref PublicSubnetOne
+      SecurityGroups:
+        - !Ref EFSServerSecurityGroup
+
+  MountTargetResource2:
+    Type: AWS::EFS::MountTarget
+    Properties:
+      FileSystemId: !Ref EfsFileStorage
+      SubnetId: !Ref PublicSubnetTwo
+      SecurityGroups:
+        - !Ref EFSServerSecurityGroup
+
 Outputs:
+  EfsFileStorageId:
+    Description: 'The connection endpoint for the database.'
+    Value: !Ref EfsFileStorage
+    Export:
+      Name: !Sub ${'${EnvironmentName}'}:EfsFileStorageId
   ClusterName:
     Description: The name of the ECS cluster
     Value: !Ref 'ECSCluster'

src/model/cloud-runner/providers/aws/cloud-formations/task-definition-formation.ts

@@ -54,9 +54,9 @@ Parameters:
     Description: >-
       (Optional) An IAM role to give the service's containers if the code within
       needs to access other AWS resources like S3 buckets, DynamoDB tables, etc
-  WorkDir:
+  EFSMountDirectory:
     Type: String
-    Default: '/data'
+    Default: '/efsdata'
   # template secrets p1 - input
 Mappings:
   SubnetConfig:
@@ -90,6 +90,12 @@ Resources:
       Cpu: !Ref ContainerCpu
       Memory: !Ref ContainerMemory
       NetworkMode: awsvpc
+      Volumes:
+        - Name: efs-data
+          EFSVolumeConfiguration:
+            FilesystemId:
+              'Fn::ImportValue': !Sub '${'${EnvironmentName}'}:EfsFileStorageId'
+            TransitEncryption: DISABLED
       RequiresCompatibilities:
         - FARGATE
       ExecutionRoleArn:
@@ -117,6 +123,10 @@ Resources:
             - Name: ALLOW_EMPTY_PASSWORD
               Value: 'yes'
             # template - env vars
+          MountPoints:
+            - SourceVolume: efs-data
+              ContainerPath: !Ref EFSMountDirectory
+              ReadOnly: false
           Secrets:
             # template secrets p3 - container def
           LogConfiguration: