Terraform: ECS service - InvalidParameterException
【Title】: Terraform: ECS service - InvalidParameterException 【Posted】: 2018-06-27 19:07:32 【Question】: I'm trying to provision an ECS cluster using terraform, and everything seems to work fine until I create the ecs service:
resource "aws_ecs_service" "ecs-service" {
  name            = "ecs-service"
  iam_role        = "${aws_iam_role.ecs-service-role.name}"
  cluster         = "${aws_ecs_cluster.ecs-cluster.id}"
  task_definition = "${aws_ecs_task_definition.my_cluster.family}"
  desired_count   = 1

  load_balancer {
    target_group_arn = "${aws_alb_target_group.ecs-target-group.arn}"
    container_port   = 80
    container_name   = "my_cluster"
  }
}
And the IAM role is:
resource "aws_iam_role" "ecs-service-role" {
  name = "ecs-service-role"

  # Trust policy: names the service principal allowed to assume this role
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {
  role       = "${aws_iam_role.ecs-service-role.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}
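I get the following error message:
aws_ecs_service.ecs-service: 1 error(s) occurred:
aws_ecs_service.ecs-service: InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.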
【Question comments】:
In the assume_role_policy, can you change the "Principal" line to: "Service": "ecs.amazonaws.com". You have ec2.amazonaws.com.
@KrishnaKumarR I made the change, thank you very much
I'll put it in as an answer.
【Answer 1】:
In the assume_role_policy, can you change the "Principal" line as mentioned below? You have ec2.amazonaws.com.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ecs.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
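A pre-apply check for the mismatch fixed above, as an added example that is not part of the original answer: it parses a role's trust policy and reports when the service that has to assume the role (here `ecs.amazonaws.com`, for the role passed as `iam_role` to `aws_ecs_service`) is not among the trusted principals. The function names and the two embedded policies, rebuilt from the question and the answer, are assumptions of this example.

```python
import json

# Constructed samples: the trust policy from the question and the corrected one.
QUESTION_POLICY = """{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole",
  "Principal": {"Service": "ec2.amazonaws.com"}, "Effect": "Allow", "Sid": ""}]}"""
ANSWER_POLICY = QUESTION_POLICY.replace("ec2.amazonaws.com", "ecs.amazonaws.com")


def as_list(value):
    """IAM lets Statement, Action and Service be a single item or a list."""
    return value if isinstance(value, list) else [value]


def trusted_services(policy_json):
    """Return the service principals that an Allow statement lets call sts:AssumeRole."""
    services = set()
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        # Only the simple wildcard forms are recognised here.
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):  # skips the bare "*" principal form
            services.update(as_list(principal.get("Service", [])))
    return services


def check_trust(policy_json, required_service):
    """Return a list of findings; empty means the required service is trusted."""
    found = trusted_services(policy_json)
    if required_service in found:
        return []
    trusted = ", ".join(sorted(found)) or "none"
    return ["role does not trust %s (trusts: %s)" % (required_service, trusted)]


if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        print(name, check_trust(policy, "ecs.amazonaws.com") or "ok")
```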
【Comments】:
Damn, I wasted a few hours on the same problem. Thanks! Same here. Thanks @krishna_mee2004, thank God for ***. AWS docs... so noisy.