Add an IAM role that is a service-linked role
I am trying to create a CFN template to spin up an ECS service connected to ECR, with a load balancer on top. But now I get this error:
Resource handler returned message: "Invalid request provided: CreateService error: You cannot specify an IAM role for services that require a service linked role. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: b8a77e87-5715-4d43-b58f-a0843dbee15e; Proxy: null)" (RequestToken: c19a676b-893b-8369-a9b5-75c792c18bd0, HandlerErrorCode: InvalidRequest)
The service block that fails in the events is this one.
    service:
      Type: AWS::ECS::Service
      DependsOn: ALBListenerHttps
      Properties:
        Cluster: !Ref 'ECSCluster'
        DesiredCount: '1'
        LaunchType: FARGATE
        LoadBalancers:
          - ContainerName: !Sub ${Environment}-${Name}
            ContainerPort: '3000'
            TargetGroupArn: !Ref 'ECSTG'
        Role: 'arn:aws:iam::{My was id}:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS'
        TaskDefinition: !Ref 'taskdefinition'
        NetworkConfiguration:
          AwsvpcConfiguration:
            AssignPublicIp: 'ENABLED'
            Subnets: !Ref 'SubnetId'
If you have NetworkConfiguration, then you can't use Role. So remove your Role. From the docs:
This parameter is only permitted if you are using a load balancer with your service and your task definition does not use the awsvpc network mode.
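A pre-deploy check for the rule quoted above, as an added example that is not part of the original question or answer. It assumes the template is available in CloudFormation's JSON form; the sample template, the placeholder account id and the function names uses_awsvpc and find_invalid_role are constructed for illustration.

```python
import json

# Constructed sample: the question's service in CloudFormation JSON form,
# plus a hypothetical task definition. <ACCOUNT_ID> is a placeholder.
TEMPLATE = json.loads("""
{
  "Resources": {
    "taskdefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"NetworkMode": "awsvpc", "RequiresCompatibilities": ["FARGATE"]}
    },
    "service": {
      "Type": "AWS::ECS::Service",
      "Properties": {
        "LaunchType": "FARGATE",
        "LoadBalancers": [{"ContainerPort": 3000, "TargetGroupArn": {"Ref": "ECSTG"}}],
        "Role": "arn:aws:iam::<ACCOUNT_ID>:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
        "TaskDefinition": {"Ref": "taskdefinition"},
        "NetworkConfiguration": {"AwsvpcConfiguration": {"Subnets": {"Ref": "SubnetId"}}}
      }
    }
  }
}
""")

def uses_awsvpc(props, resources):
    """True if the service runs in awsvpc mode (Fargate tasks always do)."""
    if "NetworkConfiguration" in props or props.get("LaunchType") == "FARGATE":
        return True
    # Otherwise follow the Ref to a task definition declared in the same template.
    ref = props.get("TaskDefinition")
    task = resources.get(ref.get("Ref"), {}) if isinstance(ref, dict) else {}
    return task.get("Properties", {}).get("NetworkMode") == "awsvpc"

def find_invalid_role(template):
    """Return (logical_id, reason) for each ECS service whose Role will be rejected."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::ECS::Service" or "Role" not in props:
            continue
        if uses_awsvpc(props, resources):
            findings.append((name, "Role set on an awsvpc service; remove it"))
        elif not props.get("LoadBalancers"):
            findings.append((name, "Role set without a load balancer"))
    return findings

if __name__ == "__main__":
    print(find_invalid_role(TEMPLATE))
```

Task definitions referenced by ARN or imported from another stack cannot be resolved from the template alone, so the check only follows a Ref to a resource in the same file.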