From 502 to Drupal: Surviving ECS, EFS & Fargate
"I thought deploying Drupal on AWS Fargate with Terraform would be fairly straightforward. But I was in for a DevOps deep dive. This post walks through the full debugging journey — from initial setup to finally getting Drupal’s installation screen live — after battling 502s, failing tasks, EFS mount errors, and more."
📅 Why ECS Fargate + EFS + Drupal?
I started this journey to build a real-world DevOps portfolio project. My goal was to:
Deploy Drupal using ECS Fargate (serverless container platform)
Use EFS to persist Drupal's
sites/default/filesdirectoryManage infrastructure with Terraform (modularized)
Understand ECS health checks, logging, and networking
This combo of ECS + EFS + Terraform + Drupal seemed like a great way to cover real DevOps problems. Spoiler: it was very real.
📆 Initial Setup
I organized my project into clean Terraform modules:
network: VPC, subnets, IGW, route tables, SGsecs: task definition, service, IAM rolesefs: file system, access point, mount targetsrds: MySQL-compatible DB for Drupalalb: Application Load Balancer
The Docker setup:
Drupal + Apache + Composer + Drush
EFS mounted at
/var/www/html/sites/default/filesEntrypoint ran
drush cim,updb, and then started Apache
Everything seemed ready. I deployed... and hit a wall.
❌ 502/503 Errors Begin
After ECS deployment:
ALB showed 502 Bad Gateway
ECS tasks kept cycling between PENDING → RUNNING → STOPPED
Health checks failed
CloudWatch logs were empty
It felt like debugging blindfolded.
⚡ Debugging Steps (and Failures)
1. Container Timeout
The entrypoint script had this line:
sleep 600 # wait for DB
This delayed Apache startup for 10 mins. ALB marked the container unhealthy before it could ever respond.
Fix: Removed the sleep. Apache now starts immediately.
2. Drush in Entrypoint
drush updb -y
drush cim -y
drush deploy -y
Running heavy Drupal commands during startup caused failures, especially if DB wasn't ready or EFS wasn't mounted.
Fix: Commented out Drush commands. Plan to run them as one-off tasks in CI/CD.
3. EFS Access Point Missing
Initially mounted EFS directly without access point, leading to permission issues.
Fix: Created EFS Access Point with UID:GID 33 (www-data), mounted via task definition with:
efs_volume_configuration {
file_system_id = ...
transit_encryption = "ENABLED"
authorization_config {
access_point_id = ...
iam = "DISABLED"
}
}
4. CloudWatch Logs Missing
Forgot logConfiguration block in ECS task. Had no visibility.
Fix: Added logs:
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/drupal",
"awslogs-region": "ap-south-1",
"awslogs-stream-prefix": "ecs"
}
}
Now I saw logs like:
✅ Container booted!
🚀 Starting Apache...
✔️ The Final Fixes That Worked
Rewrote
entrypoint.shto start Apache immediatelyDisabled all non-essential Drupal commands
Used EFS access point with correct POSIX UID/GID
Ensured CloudWatch logging was enabled
Rebuilt Docker image
Pushed to ECR
Forced ECS deployment:
aws ecs update-service --cluster drupal-cluster \
--service drupal-service \
--force-new-deployment
Finally...
🎉 Drupal Installation Screen Appeared!
After days of debugging, I got the Drupal installer screen via my ALB DNS. The tasks were stable, logs clean, and the health checks passed.
📏 Final Architecture
VPC + 2 Public Subnets
ALB (listener on port 80)
ECS Fargate service with EFS volume
RDS (MySQL-compatible)
CloudWatch Logs
Terraform-managed infra
Optional: Add a diagram screenshot from Lucidchart or Excalidraw.
🌟 Lessons Learned
Never put long
sleepor heavydrushlogic in ECS entrypointECS health checks are aggressive — start Apache quickly
EFS must use access point + correct user permissions
Use
CloudWatchfrom day oneModular Terraform helps a ton when iterating/debugging
🌐 What’s Next
Add CI/CD step to run Drush one-offs
Secure with HTTPS (ACM + Route53)
Add S3 backup of RDS and EFS
Try ECS Blue/Green deployments
🙏 Final Thoughts
This journey taught me more than any tutorial ever could. Real-world infrastructure isn't always plug-and-play. But once you tame the beast, it feels incredibly empowering.
If you're trying something similar, fork my GitHub repo (https://github.com/deepakaryan1988/Drupal-AWS) or ping me on LinkedIn (https://www.linkedin.com/in/deepakaryan1988). Happy to help you debug your way to success!
Thanks for reading!
