Mar*_*arc 2 amazon-web-services amazon-ecs amazon-iam terraform
我正在尝试使用 terraform 配置 ECS 集群,在我创建 ecs 服务之前,一切似乎都运行良好:
resource "aws_ecs_service" "ecs-service" {
name = "ecs-service"
iam_role = "${aws_iam_role.ecs-service-role.name}"
cluster = "${aws_ecs_cluster.ecs-cluster.id}"
task_definition = "${aws_ecs_task_definition.my_cluster.family}"
desired_count = 1
load_balancer {
target_group_arn = "${aws_alb_target_group.ecs-target-group.arn}"
container_port = 80
container_name = "my_cluster"
}
}
IAM 角色是:
resource "aws_iam_role" "ecs-service-role" {
name = "ecs-service-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {
role = "${aws_iam_role.ecs-service-role.name}"
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}
我收到以下错误消息:
aws_ecs_service.ecs-service:发生 1 个错误:
aws_ecs_service.ecs-service:InvalidParameterException:无法代入角色并验证指定的 targetGroupArn。请验证传递的 ECS 服务角色是否具有适当的权限。
在假设角色策略中,您能否将“主体”行更改为如下所述:您有ec2.amazonaws.com.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ecs.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
| 归档时间: |
|
| 查看次数: |
1699 次 |
| 最近记录: |