ECS Fargate 计划任务未运行
[英]ECS Fargate Scheduled Task not running
问题描述
I'm trying to setup a scheduled task with ECS Fargate but I cannot figure out why it is not running.
我正在尝试使用 ECS Fargate 设置计划任务,但我无法弄清楚它为什么没有运行。 I can confirm the task works correctly using RunTask but when I try to trigger it on a schedule all I get is a bunch of 'FailedInvocations' with no explanation.我可以使用RunTask确认任务正常工作,但是当我尝试按计划触发它时,我得到的只是一堆“FailedInvocations”,没有任何解释。
I do know though that the rule is being triggered so this is a good sign.我确实知道规则正在被触发,所以这是一个好兆头。 See the screenshot below:请看下面的截图:
But everytime it is triggered there is just a 'FailedInvocation'.但每次触发时都会有一个“失败的调用”。 Here's the scheduling rule:这是调度规则:
And the default permissions on the ecsEventRole with just ecs:runTask :和ecsEventRole的默认权限,只有ecs:runTask :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:RunTask"
],
"Resource": [
"*"
]
}
]
}
My hunch says that this ecsEventsRole doesn't have enough permissions.我的预感是这个ecsEventsRole没有足够的权限。 Should I try to give it the ones that ecsTaskExecutionRole has?我应该尝试给它ecsTaskExecutionRole的那些吗?
Thanks谢谢
EDIT: This is now supported in us-east-1 region.编辑:这在us-east-1地区现在得到支持。 See comments.见评论。
6 个解决方案
解决方案1
18 2019-08-08 07:31:39
Although it's been over an year, AWS still don't have a proper way to see invocation logs.虽然已经一年多了,但是AWS仍然没有正确的方式查看调用日志。
As you already know we can invoke tasks by RunTask manually, so does Scheduled Task.如您所知,我们可以通过RunTask手动调用任务,计划任务也是如此。
The only difference is that Scheduled Task is triggered by CloudWatch rules.唯一的区别是计划任务由 CloudWatch 规则触发。
We can easily see invoke logs in CloudTrail Event history , go there and filter events with Event name: RunTask and select the time range you want to check, find the event and click View Event , you'll see the error code and response.我们可以很容易地看到援引日志CloudTrail Event history ,去那里和过滤事件与事件名称: RunTask并选择您要检查,发现该事件,并点击时间段View Event ,你会看到错误代码和响应。
解决方案2
11 2018-01-17 06:49:08
I ran into a similar issue where regular ECS Scheduled Tasks were not running.我遇到了一个类似的问题,即常规 ECS 计划任务未运行。
I finally resolved it by adding an additional policy to ecsEventsRole which allows CloudWatch Events to pass IAM roles to ECS Tasks:我最终通过向ecsEventsRole添加额外策略解决了这个问题,该策略允许 CloudWatch Events 将 IAM 角色传递给 ECS 任务:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:PassRole"
],
"Resource": "*"
}
]
}
解决方案3
3 2018-01-15 21:14:56
Here is a possible workaround: use a lambda function as target for the cloudwatch rule and create the task in the lambda function code.这是一个可能的解决方法:使用 lambda 函数作为 cloudwatch 规则的目标,并在 lambda 函数代码中创建任务。
Here is an example code for the lambda function: https://lobster1234.github.io/2017/12/03/run-tasks-with-aws-fargate-and-lambda/这是 lambda 函数的示例代码: https : //lobster1234.github.io/2017/12/03/run-tasks-with-aws-fargate-and-lambda/
The links describes how to pack the new boto version with the lambda function but this is not necessary anymore since AWS already updated the lambda boto version to 1.4.8这些链接描述了如何使用 lambda 函数打包新的 boto 版本,但这不再是必需的,因为 AWS 已经将 lambda boto 版本更新为 1.4.8
I've tested and it works.我已经测试过了,它有效。
解决方案4
1 2020-04-30 13:28:17
When defining a Rule in CloudFormation, I had to ensure that the Target RoleArn property referenced ecsEventsRole :在CloudFormation 中定义规则时,我必须确保 Target RoleArn属性引用了ecsEventsRole :
Targets:
- Id: !Sub ${AWS::StackName}-cron-test-1
Arn: arn:aws:ecs:eu-west-1:<account id>:cluster/fargate-cluster
RoleArn: !Join
- ':'
- - "arn:aws:iam"
- ""
- !Ref "AWS::AccountId"
- "role/ecsEventsRole"
And where ecsEventsRole defined the AmazonEC2ContainerServiceEventsRole policy并且ecsEventsRole定义了AmazonEC2ContainerServiceEventsRole策略
解决方案5
0 2018-09-07 20:19:35
Have you tried using the aws cli and running aws events put-rule followed by aws events put-targets --rule <value> --targets <value> instead?您是否尝试过使用 aws cli 并运行aws events put-rule后跟aws events put-targets --rule <value> --targets <value> ? I was having a similar problem, and using the (recent version of) the aws cli worked for me.我遇到了类似的问题,并且使用(最新版本)aws cli 对我有用。
Here's a sample:这是一个示例:
aws events put-rule --name "DailyLambdaFunction" --schedule-expression "cron(0 9 * * ? *)"
Followed by the below command all in one line:在一行中跟随以下命令:
aws events put-targets --rule cli-RS-rule --targets '{"Arn":"arn:aws:ecs:1234/cluster/clustername","EcsParameters":{"LaunchType": "FARGATE","NetworkConfiguration": {"awsvpcConfiguration": {"AssignPublicIp": "ENABLED", "SecurityGroups": [ "sg-id1233" ], "Subnets": [ "subnet-1234" ] }},"TaskCount": 1,"TaskDefinitionArn": "arn:aws:ecs:1234:task-definition/taskdef"},"Id": "sampleID111","RoleArn": "arn:aws:iam:1234:role/eventrole"}'
解决方案6
0 2020-08-20 11:43:49
I had similar problem with ECS fargate task scheduler.我对 ECS fargate 任务调度程序有类似的问题。 I've managed to fix it by adding below policy to the task IAM role.我设法通过将以下策略添加到任务 IAM 角色来修复它。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:RunTask"
],
"Resource": [
"arn:aws:ecs:*:548503722878:task-definition/test-services-20200813124716"
],
"Condition": {
"ArnLike": {
"ecs:cluster": "arn:aws:ecs:*:548503722878:cluster/test-cluster"
}
}
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"*"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
}
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.