From 502 to Drupal: Surviving ECS, EFS & Fargate


"I thought deploying Drupal on AWS Fargate with Terraform would be fairly straightforward. But I was in for a DevOps deep dive. This post walks through the full debugging journey — from initial setup to finally getting Drupal’s installation screen live — after battling 502s, failing tasks, EFS mount errors, and more."
📅 Why ECS Fargate + EFS + Drupal?
I started this journey to build a real-world DevOps portfolio project. My goal was to:
Deploy Drupal using ECS Fargate (serverless container platform)
Use EFS to persist Drupal's
sites/default/files
directoryManage infrastructure with Terraform (modularized)
Understand ECS health checks, logging, and networking
This combo of ECS + EFS + Terraform + Drupal seemed like a great way to cover real DevOps problems. Spoiler: it was very real.
📆 Initial Setup
I organized my project into clean Terraform modules:
network
: VPC, subnets, IGW, route tables, SGsecs
: task definition, service, IAM rolesefs
: file system, access point, mount targetsrds
: MySQL-compatible DB for Drupalalb
: Application Load Balancer
The Docker setup:
Drupal + Apache + Composer + Drush
EFS mounted at
/var/www/html/sites/default/files
Entrypoint ran
drush cim
,updb
, and then started Apache
Everything seemed ready. I deployed... and hit a wall.
❌ 502/503 Errors Begin
After ECS deployment:
ALB showed 502 Bad Gateway
ECS tasks kept cycling between PENDING → RUNNING → STOPPED
Health checks failed
CloudWatch logs were empty
It felt like debugging blindfolded.
⚡ Debugging Steps (and Failures)
1. Container Timeout
The entrypoint script had this line:
sleep 600 # wait for DB
This delayed Apache startup for 10 mins. ALB marked the container unhealthy before it could ever respond.
Fix: Removed the sleep. Apache now starts immediately.
2. Drush in Entrypoint
drush updb -y
drush cim -y
drush deploy -y
Running heavy Drupal commands during startup caused failures, especially if DB wasn't ready or EFS wasn't mounted.
Fix: Commented out Drush commands. Plan to run them as one-off tasks in CI/CD.
3. EFS Access Point Missing
Initially mounted EFS directly without access point, leading to permission issues.
Fix: Created EFS Access Point with UID:GID 33 (www-data), mounted via task definition with:
efs_volume_configuration {
file_system_id = ...
transit_encryption = "ENABLED"
authorization_config {
access_point_id = ...
iam = "DISABLED"
}
}
4. CloudWatch Logs Missing
Forgot logConfiguration
block in ECS task. Had no visibility.
Fix: Added logs:
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/drupal",
"awslogs-region": "ap-south-1",
"awslogs-stream-prefix": "ecs"
}
}
Now I saw logs like:
✅ Container booted!
🚀 Starting Apache...
✔️ The Final Fixes That Worked
Rewrote
entrypoint.sh
to start Apache immediatelyDisabled all non-essential Drupal commands
Used EFS access point with correct POSIX UID/GID
Ensured CloudWatch logging was enabled
Rebuilt Docker image
Pushed to ECR
Forced ECS deployment:
aws ecs update-service --cluster drupal-cluster \
--service drupal-service \
--force-new-deployment
Finally...
🎉 Drupal Installation Screen Appeared!
After days of debugging, I got the Drupal installer screen via my ALB DNS. The tasks were stable, logs clean, and the health checks passed.
📏 Final Architecture
VPC + 2 Public Subnets
ALB (listener on port 80)
ECS Fargate service with EFS volume
RDS (MySQL-compatible)
CloudWatch Logs
Terraform-managed infra
Optional: Add a diagram screenshot from Lucidchart or Excalidraw.
🌟 Lessons Learned
Never put long
sleep
or heavydrush
logic in ECS entrypointECS health checks are aggressive — start Apache quickly
EFS must use access point + correct user permissions
Use
CloudWatch
from day oneModular Terraform helps a ton when iterating/debugging
🌐 What’s Next
Add CI/CD step to run Drush one-offs
Secure with HTTPS (ACM + Route53)
Add S3 backup of RDS and EFS
Try ECS Blue/Green deployments
🙏 Final Thoughts
This journey taught me more than any tutorial ever could. Real-world infrastructure isn't always plug-and-play. But once you tame the beast, it feels incredibly empowering.
If you're trying something similar, fork my GitHub repo (https://github.com/deepakaryan1988/Drupal-AWS) or ping me on LinkedIn (https://www.linkedin.com/in/deepakaryan1988). Happy to help you debug your way to success!
Thanks for reading!
Subscribe to my newsletter
Read articles from Deepak Kumar directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
