I am trying to migrate from Amazon ECS EC2 to Fargate. Here I have made some changes as per the recommendations from https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/. I am using Amazon CloudFormation to create/update the resources.

    ECSTaskDefinition:
      Type: AWS::ECS::TaskDefinition
      Properties:
        Family : !Join ["_", [!Ref "AppName", !Ref "ComponentName", !Ref "TargetEnv" ]]
        NetworkMode: "awsvpc"
        ExecutionRoleArn: arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole
        TaskRoleArn:
          Fn::Sub:
            [
              "arn:aws:iam::${AWS::AccountId}:role/exec_dp_${TargetEnv}",
              {
                TargetEnv: !Ref "TargetEnv"
              }
            ]
        RequiresCompatibilities:
          - "FARGATE"
        Memory: "512"
        Cpu: '256'
        ContainerDefinitions:

The problem is that when I try to create the stack, it gives me the error below:

    Unable to assume the service linked role. Please verify that the ECS service linked role exists

I have also tried creating a service-linked role, something like below:

    AwsEcsTaskExecutionRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Principal:
                Service: ecs.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy

and then specified it as ExecutionRoleArn: !GetAtt AwsEcsTaskExecutionRole.Arn

It's not working. Any direction regarding this would really help.

Short answer:

Run this command:

    aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com

Long answer:
AWS introduced Service-Linked Roles. For old AWS accounts or if you never created an ECS cluster by hand in the console, you have to run the command above to have the role created.
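
As an added example (not part of the original answer), the same fix expressed in CloudFormation, next to a task execution role, which is a different role from the service-linked one. The logical IDs `EcsServiceLinkedRole` and `TaskExecutionRole` are hypothetical names, and the template assumes the service-linked role does not yet exist in the account.

```yaml
# Added example, not the poster's template. Logical IDs are hypothetical.
Resources:
  # Service-linked role that the ECS service itself assumes
  # (it appears in IAM as AWSServiceRoleForECS). This is the declarative
  # equivalent of `aws iam create-service-linked-role`.
  # Assumption: the role is not already present in the account. It exists
  # once per account, so leave this resource out if it is already there.
  EcsServiceLinkedRole:
    Type: AWS::IAM::ServiceLinkedRole
    Properties:
      AWSServiceName: ecs.amazonaws.com
      Description: Service-linked role for Amazon ECS

  # Task execution role: an ordinary IAM role, separate from the one above.
  # It is trusted by ecs-tasks.amazonaws.com (not ecs.amazonaws.com) and
  # carries the execution policy used to pull images and write logs.
  # AmazonECSServiceRolePolicy is reserved for the service-linked role and
  # is not meant to be attached to a role you define yourself.
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

# In the task definition, reference the execution role with:
#   ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
```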