When trying to deploy my multi-docker application through beanstalk with a dockerrun.aws.json file, where it has secrets, I get an error that I have to specify an executionRoleArn. When I'm looking at the file, it IS defined.
I tried moving it to different spot inside the file, tried to define taskRoleArn too, nothing really works. I couldn't find any hints that it wasn't supported in the aws documentation. I followed this page : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
This is my dockerrun.aws.json file partially redacted.
{
"AWSEBDockerrunVersion": 2,
"executionRoleArn": "arn:aws:iam::ACCOUNT_ID:role/ecsTaskExecutionRole",
"containerDefinitions": [{
...
"secrets": [
{
"name" : "SOME_ENV",
"valueFrom" : "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/MY_SECRET"
},
...
],
...
}],
"volumes": [
....
]
}
This is the exact error I'm getting while using eb deploy
:
ERROR Service:AmazonECS, Code:ClientException, Message:When you
are specifying container secrets, you must also specify a value
for 'executionRoleArn'.,
Class:com.amazonaws.services.ecs.model.ClientException
At this moment of this post AWS doesn't support EBS with ECS with ecsTaskExecutionRole
. The workaround is to have a bash script loaded at login which fetches the env variables from KMS
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With