ECS 从 EC2 迁移到 Fargate
ECS migration from EC2 to Fargate
我正在尝试从 Amaxon ECS EC2 迁移到 Fargate。这里我根据 https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/ 的建议做了一些修改。我正在使用 amazon cloudformation create/update 资源。
ECSTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family : !Join ["_", [!Ref "AppName", !Ref "ComponentName", !Ref "TargetEnv" ]]
NetworkMode: "awsvpc"
ExecutionRoleArn: arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole
TaskRoleArn:
Fn::Sub:
[
"arn:aws:iam::${AWS::AccountId}:role/exec_dp_${TargetEnv}",
{
TargetEnv: !Ref "TargetEnv"
}
]
RequiresCompatibilities:
- "FARGATE"
Memory: "512"
Cpu: '256'
ContainerDefinitions:
这里的问题是当我尝试创建堆栈时出现如下错误:
Unable to assume the service linked role. Please verify that the ECS service linked role exists
我也试过创建服务相关角色,如下所示:
AwsEcsTaskExecutionRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ecs.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy
然后指定为
ExecutionRoleArn:!GetAtt AwsEcsTaskExecutionRole.Arn
它不工作。任何有关的方向都会很有帮助。
简答:
运行 这个命令:aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
长答案:
推出了 AWS Service-Linked Roles。对于旧的 AWS 帐户,或者如果您从未在控制台中手动创建 ECS 集群,则必须 运行 上面的命令才能创建角色。
我正在尝试从 Amaxon ECS EC2 迁移到 Fargate。这里我根据 https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/ 的建议做了一些修改。我正在使用 amazon cloudformation create/update 资源。
ECSTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family : !Join ["_", [!Ref "AppName", !Ref "ComponentName", !Ref "TargetEnv" ]]
NetworkMode: "awsvpc"
ExecutionRoleArn: arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole
TaskRoleArn:
Fn::Sub:
[
"arn:aws:iam::${AWS::AccountId}:role/exec_dp_${TargetEnv}",
{
TargetEnv: !Ref "TargetEnv"
}
]
RequiresCompatibilities:
- "FARGATE"
Memory: "512"
Cpu: '256'
ContainerDefinitions:
这里的问题是当我尝试创建堆栈时出现如下错误:
Unable to assume the service linked role. Please verify that the ECS service linked role exists
我也试过创建服务相关角色,如下所示:
AwsEcsTaskExecutionRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ecs.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy
然后指定为 ExecutionRoleArn:!GetAtt AwsEcsTaskExecutionRole.Arn
它不工作。任何有关的方向都会很有帮助。
简答:
运行 这个命令:aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
长答案:
推出了 AWS Service-Linked Roles。对于旧的 AWS 帐户,或者如果您从未在控制台中手动创建 ECS 集群,则必须 运行 上面的命令才能创建角色。