aws - ECS 容量提供者权限

Question

I'm trying out teraform for managing my infrastructure and got into a bit of an issue and I'm not sure what to look for.我正在尝试使用 teraform 来管理我的基础架构，但遇到了一些问题，我不确定要寻找什么。

I'm attempting to create a capacity provider for my ECS cluster however I'm getting the following error我正在尝试为我的 ECS 集群创建容量提供程序，但是出现以下错误

ClientException: The capacity provider could not be created because you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group

Below are my files:以下是我的文件：

Launch config and autoscale group creation启动配置和自动缩放组创建

resource "aws_launch_configuration" "ecs_launch_configuration" {
    name = "ecs_launch_configuration"
    image_id = "ami-0fe19057e9cb4efd8"
    user_data = "#!/bin/bash\necho ECS_CLUSTER=ecs_cluster >> /etc/ecs/ecs.config"
    security_groups = [aws_security_group.vpc_securityGroup.id]
    iam_instance_profile = aws_iam_instance_profile.iam_role_profile.name
    key_name = "key_pair_name"
    instance_type = "t2.small"
}

resource "aws_autoscaling_group" "ecs_autoScale_group" {
    name                      = "ecs_autoScale_group"
    desired_capacity          = 1
    min_size                  = 1
    max_size                  = 2
    launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
    vpc_zone_identifier = [aws_subnet.vpc_subnet_public.id]
    tag {
        key                 = "AmazonECSManaged"
        value               = true
        propagate_at_launch = true
    }
}

ECS Cluster and capacity provider creation ECS 集群和容量提供程序创建

resource "aws_ecs_cluster" "ecs_cluster"{
    name = "ecs_cluster"
    capacity_providers = [ aws_ecs_capacity_provider.ecs_capacity_provider.name ]
}

resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
    name = "ecs_capacity_provider"
    auto_scaling_group_provider {
        auto_scaling_group_arn = aws_autoscaling_group.ecs_autoScale_group.arn
        managed_scaling {
            maximum_scaling_step_size = 2
            minimum_scaling_step_size = 1
            status                    = "ENABLED"
            target_capacity           = 1
        }
    }
}

I was able to create this from the console's GUI, however only terraform returns this error.我能够从控制台的 GUI 创建它，但是只有 terraform 返回此错误。

Help would be greatly appreciated.帮助将不胜感激。

Thanks in advance.提前致谢。

Answer 1

(a guess) （一个推测）

Isn't it because the IAM user you are using in your Terraform code is lacking the autoscaling:CreateOrUpdateTags permission?不是因为您在 Terraform 代码中使用的 IAM 用户缺少 autoscaling autoscaling:CreateOrUpdateTags权限吗？

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-auto-scaling.html says: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-auto-scaling.html说：

The IAM user creating the capacity providers, needs the autoscaling:CreateOrUpdateTags permission.创建容量提供程序的 IAM 用户需要 autoscaling:CreateOrUpdateTags 权限。 This is because Amazon ECS adds a tag to the Auto Scaling group when it associates it with the capacity provider.这是因为 Amazon ECS 在将 Auto Scaling 组与容量提供程序关联时会向它添加一个标签。

aws - ECS 容量提供者权限

问题描述

1 个解决方案

解决方案1
2 2021-11-26 15:15:45

aws - ECS 容量提供者权限

问题描述

1 个解决方案

解决方案1 2 2021-11-26 15:15:45

解决方案1
2 2021-11-26 15:15:45