代码之家  ›  专栏  ›  技术社区  ›  Marc

Terraform:ECS服务-InvalidParameterException

amazon-ecs terraform amazon-iam amazon-web-services
  •  2
  • Marc  · 技术社区  · 7 年前

    我正在尝试用terraform配置ECS集群,在创建ECS服务之前,一切似乎都正常: 

    resource "aws_ecs_service" "ecs-service" {
  name            = "ecs-service"
  iam_role        = "${aws_iam_role.ecs-service-role.name}"
  cluster         = "${aws_ecs_cluster.ecs-cluster.id}"
  task_definition = "${aws_ecs_task_definition.my_cluster.family}"
  desired_count   = 1

  load_balancer {
    target_group_arn  = "${aws_alb_target_group.ecs-target-group.arn}"
    container_port    = 80
    container_name    = "my_cluster"
  }
}

    IAM的角色是: 

    resource "aws_iam_role" "ecs-service-role" {
  name = "ecs-service-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {
    role       = "${aws_iam_role.ecs-service-role.name}"
    policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"
}

    我收到以下错误消息:

    • aws\U ecs\U服务。ecs服务:发生1个错误:

    • aws\U ecs\U服务。ecs服务:InvalidParameterException:无法承担角色并验证指定的targetGroupArn。请验证 正在传递的ECS服务角色是否具有适当的权限。

    1 回复  |  直到 7 年前
        1
  •  7
  •   krishna_mee2004    7 年前

    在Askept\u role\u策略中,您是否可以将“Principal”行更改为如下所述:您正在 ec2.amazonaws.com . 

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ecs.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
    推荐文章
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号