Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Cannot create ECS Service via CloudFormation

Tags:

amazon-web-services

amazon-cloudformation

I create the following CloudFormation template files to create ECS Cluster and TaskDefinition, Service but got an error. What's wrong these settings?

  1. When create ECS Service using the following templates, got Please verify that the ECS service role being passed has the proper permissions
  2. When create the templates without a property Role: !ImportValue "IAMRoleECSService" , does not occur errors, but does not finish from CREATE_IN_PROGRESS 
ECSApplicationService:
  Type: "AWS::ECS::Service"
  DependsOn:
    - "ECSApplicationCluster"
    - "ECSApplicationTaskDefinition"
  Properties:
    Cluster: !Ref "ECSApplicationCluster"
    DeploymentConfiguration:
      MaximumPercent: 100
      MinimumHealthyPercent: 50
    DesiredCount: 4
    LoadBalancers:
      - ContainerName: !Ref "ContainerAppName"
        ContainerPort: 80
        TargetGroupArn: !ImportValue "ALBTargetGroup"
    Role: !ImportValue "IAMRoleECSService"
    ServiceName: "ecs-application-service"
    TaskDefinition: !Ref "ECSApplicationTaskDefinition"

IAMRoleECSService:
  Type: "AWS::IAM::Role"
  Properties:
    RoleName: "ecs-service"
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Principal:
            Service:
              - "ecs.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Policies:
      - PolicyName: "ec2-management"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action:
                - "ec2:AuthorizeSecurityGroupIngress"
                - "ec2:Describe*"
              Resource: "*"
      - PolicyName: "alb-management"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action:
                - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
                - "elasticloadbalancing:DeregisterTargets"
                - "elasticloadbalancing:DescribeTargetGroups"
                - "elasticloadbalancing:DescribeTargetHealth"
                - "elasticloadbalancing:Describe*"
                - "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
                - "elasticloadbalancing:RegisterTargets"
              Resource: "*"

What should I do?

like image 542
Yohsuke Inoda Avatar asked Dec 04 '17 14:12

Yohsuke Inoda

People also ask

Does ECS use CloudFormation?

Deploying Microservices with Amazon ECS, AWS CloudFormation, and an Application Load Balancer. This reference architecture provides a set of YAML templates for deploying microservices to Amazon EC2 Container Service (Amazon ECS) with AWS CloudFormation.

How do I enable ECS?

The institutional User has to first register with a ECS Centre. The User has to also obtain the consent of beneficiaries and get their bank account particulars prior to participation in the ECS Credit scheme. ECS Credit payments can be put through by the ECS User only through his / her bank (known as the Sponsor bank).

1 Answers

UPDATE: As of July 19th 2018, it is now possible to create a IAM Service-Linked Roles using CloudFormation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-servicelinkedrole.html.

   EcsServiceLinkedRole:
    Type: "AWS::IAM::ServiceLinkedRole"
    Properties:
      AWSServiceName: "ecs.amazonaws.com"
      Description: "Role to enable Amazon ECS to manage your cluster."

OLD ANSWER: ECS now rely on a Service-Linked Roles instead of normal roles. Make sure you have created it for the account using:

aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com

Then remove the Role parameter from your IAMRoleECSService as it's no longer needed.

like image 77
Laurent Jalbert Simard Avatar answered Sep 21 '22 20:09

Laurent Jalbert Simard
Sign in to Comment

Related questions

Use boto3 to download from public bucket
How to make a AWS Data Pipeline ShellCommandActivity Script execute a python file
AWS Load Balancer ERR_TOO_MANY_REDIRECTS
How can I use AWS CloudFront and API Gateway side by side for the same domain?
Connecting with Athena using Python and pyathenajdbc
Automate deployment of static website files to S3 after the build
S3 cli includes not working
Serverless framework 'dev' and 'prod' seperation
How to export Cognito User Pool settings to CloudFormation template?
How to obtain AWS IOT endpoint URL from within a CloudFormation template?
AWS ELB and GoDaddy Domain working
List all EC2 instance types in a region or AZ [closed]
How to reference AWS ACM Certificate when using AWS API to get certificate [duplicate]
Login to AWS from AWS Tools for Powershell
AWS - Server side encryption Access denied- Change encryption failure for root user
What's the advantages of using Docker with AWS Elastic Beanstalk?
Delete files from folder in S3 bucket
Configuring AWS Lambda to access S3 Bucket
ParameterVailidation Failed When Sending List to DynamoDB
Prevent X-Forwarded-For spoofing using ELB and Node

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!