From 502 to Drupal: Surviving ECS, EFS & Fargate

Deepak KumarDeepak Kumar
4 min read

"I thought deploying Drupal on AWS Fargate with Terraform would be fairly straightforward. But I was in for a DevOps deep dive. This post walks through the full debugging journey — from initial setup to finally getting Drupal’s installation screen live — after battling 502s, failing tasks, EFS mount errors, and more."

📅 Why ECS Fargate + EFS + Drupal?

I started this journey to build a real-world DevOps portfolio project. My goal was to:

  • Deploy Drupal using ECS Fargate (serverless container platform)

  • Use EFS to persist Drupal's sites/default/files directory

  • Manage infrastructure with Terraform (modularized)

  • Understand ECS health checks, logging, and networking

This combo of ECS + EFS + Terraform + Drupal seemed like a great way to cover real DevOps problems. Spoiler: it was very real.

📆 Initial Setup

I organized my project into clean Terraform modules:

  • network: VPC, subnets, IGW, route tables, SGs

  • ecs: task definition, service, IAM roles

  • efs: file system, access point, mount targets

  • rds: MySQL-compatible DB for Drupal

  • alb: Application Load Balancer

The Docker setup:

  • Drupal + Apache + Composer + Drush

  • EFS mounted at /var/www/html/sites/default/files

  • Entrypoint ran drush cim, updb, and then started Apache

Everything seemed ready. I deployed... and hit a wall.

❌ 502/503 Errors Begin

After ECS deployment:

  • ALB showed 502 Bad Gateway

  • ECS tasks kept cycling between PENDING → RUNNING → STOPPED

  • Health checks failed

  • CloudWatch logs were empty

It felt like debugging blindfolded.

⚡ Debugging Steps (and Failures)

1. Container Timeout

The entrypoint script had this line:

sleep 600  # wait for DB

This delayed Apache startup for 10 mins. ALB marked the container unhealthy before it could ever respond.

Fix: Removed the sleep. Apache now starts immediately.

2. Drush in Entrypoint

drush updb -y
drush cim -y
drush deploy -y

Running heavy Drupal commands during startup caused failures, especially if DB wasn't ready or EFS wasn't mounted.

Fix: Commented out Drush commands. Plan to run them as one-off tasks in CI/CD.

3. EFS Access Point Missing

Initially mounted EFS directly without access point, leading to permission issues.

Fix: Created EFS Access Point with UID:GID 33 (www-data), mounted via task definition with:

efs_volume_configuration {
  file_system_id = ...
  transit_encryption = "ENABLED"
  authorization_config {
    access_point_id = ...
    iam = "DISABLED"
  }
}

4. CloudWatch Logs Missing

Forgot logConfiguration block in ECS task. Had no visibility.

Fix: Added logs:

"logConfiguration": {
  "logDriver": "awslogs",
  "options": {
    "awslogs-group": "/ecs/drupal",
    "awslogs-region": "ap-south-1",
    "awslogs-stream-prefix": "ecs"
  }
}

Now I saw logs like:

✅ Container booted!
🚀 Starting Apache...

✔️ The Final Fixes That Worked

  • Rewrote entrypoint.sh to start Apache immediately

  • Disabled all non-essential Drupal commands

  • Used EFS access point with correct POSIX UID/GID

  • Ensured CloudWatch logging was enabled

  • Rebuilt Docker image

  • Pushed to ECR

  • Forced ECS deployment:

aws ecs update-service --cluster drupal-cluster \
  --service drupal-service \
  --force-new-deployment

Finally...

🎉 Drupal Installation Screen Appeared!

After days of debugging, I got the Drupal installer screen via my ALB DNS. The tasks were stable, logs clean, and the health checks passed.

📏 Final Architecture

  • VPC + 2 Public Subnets

  • ALB (listener on port 80)

  • ECS Fargate service with EFS volume

  • RDS (MySQL-compatible)

  • CloudWatch Logs

  • Terraform-managed infra

Optional: Add a diagram screenshot from Lucidchart or Excalidraw.

🌟 Lessons Learned

  • Never put long sleep or heavy drush logic in ECS entrypoint

  • ECS health checks are aggressive — start Apache quickly

  • EFS must use access point + correct user permissions

  • Use CloudWatch from day one

  • Modular Terraform helps a ton when iterating/debugging

🌐 What’s Next

  • Add CI/CD step to run Drush one-offs

  • Secure with HTTPS (ACM + Route53)

  • Add S3 backup of RDS and EFS

  • Try ECS Blue/Green deployments

🙏 Final Thoughts

This journey taught me more than any tutorial ever could. Real-world infrastructure isn't always plug-and-play. But once you tame the beast, it feels incredibly empowering.

If you're trying something similar, fork my GitHub repo (https://github.com/deepakaryan1988/Drupal-AWS) or ping me on LinkedIn (https://www.linkedin.com/in/deepakaryan1988). Happy to help you debug your way to success!

Thanks for reading!

13
Subscribe to my newsletter

Read articles from Deepak Kumar directly inside your inbox. Subscribe to the newsletter, and don't miss out.

AWSECSaws-fargateTerraformDockerDrupalDevopsCloudInfrastructure as codedebugging

Written by

Deepak Kumar
Deepak Kumar