[ECS] [request]: make EFS volume mount work in IPv6 subnets with DNS64 enabled

[yann-soubeyrand]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

Until IPv6 is available for EFS mount targets, we’d like ECS to use IPv4 for EFS volume mounts.

Which service(s) is this request for?

ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

We have a VPC with dual stack subnets having DNS64 enabled. We run an ECS Fargate cluster inside these subnets and we want to use EFS volumes for our tasks. We set up an EFS file system with mount targets inside the subnets and added an ingress rule to the mount target security group to allow traffic on port 2049 from the security group of our task. This doesn’t work unless we disable auto allocation of IPv6 address on the subnets.

Are you currently working around this issue?

We can work around this issue by adding an ingress rule allowing traffic on port 2049 from the NAT gateway subnets to the EFS mount targets security group.