AWS ECS PermissionError for Django Collectstatic after Fargate Update to 1.4

Question

I have an AWS ECS Task that runs a Django (Python) app and a Proxy for static files, both containers run on Docker.

Django has a command called collectstatic that copies all the static files into the shared folder that will be served by the proxy.

I have been running this setup for a few months without any problems, but around 17 March 2021 I noticed that my deployment was not updating my website.

Looking at my Django app logs I saw the error:

PermissionError: [Errno 13] Permission denied: '/vol/web/static'

I didn't make any configuration changes recently and after a week of experimentation, debug and frustration I noticed that a few other people from the same course that I followed to create this setup started having the exact same issue at the same time (basically a week ago).

At this time my only guess would be that something must have changed within AWS itself, but I'm not sure what to look for.

Any suggestions will be appreciated, thanks!

Note: I made sure that my setup works on my local environment with the proxy using a docker-compose file that simulates the app-proxy interaction, so I don't think this has anything to do with my settings.py or how my static files are configured.

EDIT I just learned that AWS Fargate updated from 1.3 to 1.4 and that seems to be causing the issue.

Answer 1

Ok, so there are 2 main solutions for this issue.

With the Fargate update the shared volume functionality between containers in the Cluster stopped working unless explicitly defined in the docker file.

One solution would be to just lock your Fargate version. As I'm using terraform this is what worked for me. Notice the platform version line:

resource "aws_ecs_service" "app" {
  name             = "${local.prefix}-app"
  cluster          = aws_ecs_cluster.main.name
  task_definition  = aws_ecs_task_definition.app.family
  desired_count    = 1
  launch_type      = "FARGATE"
  platform_version = "1.3.0"

The other solution was, in the docker file of my main app (not the proxy app) I had to add this line VOLUME /vol/web in the section that creates my shared volume:

RUN mkdir -p /vol/web/media
RUN mkdir -p /vol/web/static
RUN adduser -D user
RUN chown -R user:user /vol/
RUN chmod -R 755 /vol/web
USER user
VOLUME /vol/web

CMD ["entrypoint.sh"]

That's all, hope it helps!