ECS从EC2迁移到Fargate

Question

我正在尝试从Amaxon ECS EC2迁移到Fargate。在这里，我根据https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/的建议进行了一些更改。我正在使用Amazon cloudformation创建/更新资源。

ECSTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
        Family : !Join ["_", [!Ref "AppName", !Ref "ComponentName", !Ref "TargetEnv" ]]
        NetworkMode: "awsvpc"
        ExecutionRoleArn: arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole
        TaskRoleArn: 
            Fn::Sub: 
                [ 
                    "arn:aws:iam::${AWS::AccountId}:role/exec_dp_${TargetEnv}",
                    { 
                        TargetEnv: !Ref "TargetEnv"
                    }
                ]
        RequiresCompatibilities:
          - "FARGATE"
        Memory: "512"
        Cpu: '256'
        ContainerDefinitions:

这里的问题是，当我尝试创建堆栈时，出现以下错误：

无法承担服务链接角色。请确认ECS服务链接角色存在

我还尝试过创建类似于以下内容的服务链接角色：

AwsEcsTaskExecutionRole:
     Type: AWS::IAM::Role
     Properties:
        Path: /
        AssumeRolePolicyDocument:
             Version: 2012-10-17
             Statement:
                     - Effect: Allow
             Principal:
             Service: ecs.amazonaws.com
             Action: sts:AssumeRole
        ManagedPolicyArns:
             - arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy

然后将其指定为ExecutionRoleArn：！GetAtt AwsEcsTaskExecutionRole.Arn

它不起作用。关于任何方向都将真正有帮助。

Answer 1

简短答案：

运行以下命令： aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com

长答案：

AWS引入了服务链接角色。对于旧的AWS账户，或者如果您从未在控制台中手动创建ECS集群，则必须运行以上命令以创建角色。