ECS Service can't attach target group from different region
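I have an ECS service, and I want to attach two load balancers to it, one of which is in a different region from the ECS cluster. When I try to apply the change, I get the following error.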
InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.
This is the terraform code I'm using and the output of terraform plan:
resource "aws_ecs_service" "monitoring_grafana_service" {
  name            = "grafana"
  cluster         = module.ecs.ecs_cluster_arn
  task_definition = aws_ecs_task_definition.monitoring_grafana_task.arn
  desired_count   = 1

  network_configuration {
    subnets         = module.monitoring_vpc.private_subnets
    security_groups = [module.grafana_sg.security_group_id]
  }

  load_balancer {
    target_group_arn = module.frontend_alb.target_group_arns[0]
    container_name   = "grafana"
    container_port   = 3000
  }

  load_balancer {
    target_group_arn = data.terraform_remote_state.ireland_vpc.outputs.oss_target_group_arns[0]
    container_name   = "grafana"
    container_port   = 3000
  }

  lifecycle {
    ignore_changes = [
      capacity_provider_strategy
    ]
  }
}
Output:
+ load_balancer {
+ container_name = "grafana"
+ container_port = 3000
+ target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:myAcc:targetgroup/grafna20220202125410761200000016/1cdafdd8e73c1d9a"
}
+ load_balancer {
+ container_name = "grafana"
+ container_port = 3000
+ target_group_arn = "arn:aws:elasticloadbalancing:eu-west-1:myAcc:targetgroup/grafna20220203130531009700000004/ff91959dcf50287e"
}
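The service role used by ECS is the "default" role, created by AWS. It has the AWS managed policy: AmazonECSServiceRolePolicy
Clusters are Region-specific. That may be the reason.
Network Load Balancers now support connections from clients to IP-based targets in peered VPCs across different AWS Regions.
Make sure your VPC is peered with the target resource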
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html
It turns out ECS doesn't support this. (February 2021)
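A pre-apply check for the region mismatch discussed above, added here as an example and not part of the original posts: it reads the JSON form of a plan (`terraform show -json`) and reports ECS services whose target groups are in a different region from the cluster, so the failure is caught before it surfaces as a role-permission error. The function names and the cluster ARN in the sample are assumptions; the target group ARNs are the ones from the plan output.

```python
from __future__ import annotations

# Constructed sample: trimmed `terraform show -json` output for the service above.
# The cluster ARN is an assumption; the target group ARNs come from the plan output.
SAMPLE_PLAN = {
    "resource_changes": [{
        "address": "aws_ecs_service.monitoring_grafana_service",
        "type": "aws_ecs_service",
        "change": {"after": {
            "cluster": "arn:aws:ecs:eu-central-1:myAcc:cluster/monitoring",
            "load_balancer": [
                {"target_group_arn": "arn:aws:elasticloadbalancing:eu-central-1:myAcc:targetgroup/grafna20220202125410761200000016/1cdafdd8e73c1d9a"},
                {"target_group_arn": "arn:aws:elasticloadbalancing:eu-west-1:myAcc:targetgroup/grafna20220203130531009700000004/ff91959dcf50287e"},
            ],
        }},
    }]
}


def arn_region(arn: str) -> str:
    """Return the region field of arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or not parts[3]:
        raise ValueError(f"no region in ARN: {arn!r}")
    return parts[3]


def cross_region_target_groups(plan: dict) -> list[tuple[str, str, str]]:
    """Return (service address, cluster region, target group ARN) per mismatch."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        cluster = after.get("cluster")
        if rc.get("type") != "aws_ecs_service" or not cluster:
            continue  # not an ECS service, being destroyed, or cluster unknown until apply
        cluster_region = arn_region(cluster)  # raises if cluster is a name, not an ARN
        for lb in after.get("load_balancer") or []:
            tg_arn = lb.get("target_group_arn")
            if tg_arn and arn_region(tg_arn) != cluster_region:
                findings.append((rc["address"], cluster_region, tg_arn))
    return findings


if __name__ == "__main__":
    for address, region, tg_arn in cross_region_target_groups(SAMPLE_PLAN):
        print(f"{address}: cluster is in {region}, target group is not: {tg_arn}")
```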