FS "does not have mount targets created in all availability zones the function will execute in" (but it does)

0

I'm getting this error

Resource handler returned message: "EFS file system arn:aws:elasticfilesystem:us- west-2:999999999999:file- system/fs-0389f6268bc5e61a8 referenced by access point arn:aws:elasticfilesystem:us- west-2:999999999999:access- point/fsap-0ee6de7a6069fda4a does not have mount targets created in all availability zones the function will execute in. Please create EFS mount targets in availability zones where the function has a corresponding subnet provided. (Service: Lambda, Status Code: 400, Request ID: 5c4b694a-ba28-4a9f-8e1a-f1fde134f398)" (RequestToken: 85c51e18-d780-d8df-44d2-54c1194cea9f, HandlerErrorCode: InvalidRequest)

But I don't understand because clearly I have setup the 3 AZs. Here's my template in its entirety:

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  pouchdb-sam-app

Transform:
- AWS::Serverless-2016-10-31

Parameters:
  FileSystemName:
    Type: String
    Default: TestFileSystem

Resources:

  MountTargetVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.31.0.0/16
      EnableDnsHostnames: True
      EnableDnsSupport: True      
 
  MountTargetSubnetOne:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.1.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}a"

  MountTargetSubnetTwo:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.2.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}b"

  MountTargetSubnetThree:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.31.3.0/24
      VpcId: !Ref MountTargetVPC
      AvailabilityZone: !Sub "${AWS::Region}c"
 
  FileSystemResource:
    Type: 'AWS::EFS::FileSystem'
    Properties:
      PerformanceMode: maxIO
      Encrypted: true
      FileSystemTags:
        - Key: Name
          Value: !Ref FileSystemName
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "elasticfilesystem:ClientMount"
            Principal:
              AWS: "*"

  MountTargetResource1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetOne
      SecurityGroups:
      - !GetAtt MountTargetVPC.DefaultSecurityGroup

  MountTargetResource2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetTwo
      SecurityGroups:
      - !GetAtt MountTargetVPC.DefaultSecurityGroup

  MountTargetResource3:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref FileSystemResource
      SubnetId: !Ref MountTargetSubnetThree
      SecurityGroups:
      - !GetAtt MountTargetVPC.DefaultSecurityGroup
 
  AccessPointResource:
    Type: 'AWS::EFS::AccessPoint'
    Properties:
      FileSystemId: !Ref FileSystemResource
      PosixUser:
        Uid: "1000"
        Gid: "1000"
      RootDirectory:
        CreationInfo:
          OwnerGid: "1000"
          OwnerUid: "1000"
          Permissions: "0777"
        Path: "/data"

  getAllItemsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/get-all-items.getAllItemsHandler
      Runtime: nodejs16.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Events:
        Api:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
      VpcConfig:
        SecurityGroupIds:
        - !GetAtt MountTargetVPC.DefaultSecurityGroup
        SubnetIds: [ !Ref MountTargetSubnetOne, !Ref MountTargetSubnetTwo, !Ref MountTargetSubnetThree ]
      FileSystemConfigs:
      - Arn: !GetAtt AccessPointResource.Arn
        LocalMountPath: "/mnt/data"
      Policies:
      - Statement:
        - Sid: AWSLambdaVPCAccessExecutionRole
          Effect: Allow
          Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            - ec2:CreateNetworkInterface
            - ec2:DescribeNetworkInterfaces
            - ec2:DeleteNetworkInterface
          Resource: "*"
        - Sid: AmazonElasticFileSystemClientFullAccess
          Effect: Allow
          Action:
            - elasticfilesystem:ClientMount
            - elasticfilesystem:ClientRootAccess
            - elasticfilesystem:ClientWrite
            - elasticfilesystem:DescribeMountTargets
          Resource: "*"

Outputs:
  WebEndpoint:
    Description: "API Gateway endpoint URL for Prod stage"
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
1 Answer
0

Fixed by adding DependsOn: [ MountTargetResource1, MountTargetResource2, MountTargetResource3 ] under getAllItemsFunction.

Alex1
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions