stackoom
  简体   繁体   中英

aws - ECS capacity provider permission

 原文  2021-11-26 15:11:32       amazon-web-services/ terraform/ amazon-ecs

Question

I'm trying out teraform for managing my infrastructure and got into a bit of an issue and I'm not sure what to look for.

I'm attempting to create a capacity provider for my ECS cluster however I'm getting the following error

ClientException: The capacity provider could not be created because you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group

Below are my files:

Launch config and autoscale group creation

resource "aws_launch_configuration" "ecs_launch_configuration" {
    name = "ecs_launch_configuration"
    image_id = "ami-0fe19057e9cb4efd8"
    user_data = "#!/bin/bash\necho ECS_CLUSTER=ecs_cluster >> /etc/ecs/ecs.config"
    security_groups = [aws_security_group.vpc_securityGroup.id]
    iam_instance_profile = aws_iam_instance_profile.iam_role_profile.name
    key_name = "key_pair_name"
    instance_type = "t2.small"
}

resource "aws_autoscaling_group" "ecs_autoScale_group" {
    name                      = "ecs_autoScale_group"
    desired_capacity          = 1
    min_size                  = 1
    max_size                  = 2
    launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
    vpc_zone_identifier = [aws_subnet.vpc_subnet_public.id]
    tag {
        key                 = "AmazonECSManaged"
        value               = true
        propagate_at_launch = true
    }
}

ECS Cluster and capacity provider creation 

resource "aws_ecs_cluster" "ecs_cluster"{
    name = "ecs_cluster"
    capacity_providers = [ aws_ecs_capacity_provider.ecs_capacity_provider.name ]
}

resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
    name = "ecs_capacity_provider"
    auto_scaling_group_provider {
        auto_scaling_group_arn = aws_autoscaling_group.ecs_autoScale_group.arn
        managed_scaling {
            maximum_scaling_step_size = 2
            minimum_scaling_step_size = 1
            status                    = "ENABLED"
            target_capacity           = 1
        }
    }
}

I was able to create this from the console's GUI, however only terraform returns this error.

Help would be greatly appreciated.

Thanks in advance.

1 answers

solution1
 2  2021-11-26 15:15:45

(a guess)

Isn't it because the IAM user you are using in your Terraform code is lacking the autoscaling:CreateOrUpdateTags permission?

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-auto-scaling.html says:

The IAM user creating the capacity providers, needs the autoscaling:CreateOrUpdateTags permission. This is because Amazon ECS adds a tag to the Auto Scaling group when it associates it with the capacity provider.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS ECS cluster Capacity Provider Unable to create a ECS capacity provider by aws cli AWS ECS EC2 Capacity Provider not listed Is AWS CodeDeploy usable with ECS, AutoScaling, and a capacity provider? AWS ECS Error When Creating Capacity Provider AWS ECS capacity provider using terraform Can AWS ECS capacity provider be updated using Terraform? AWS ECS capacity provider using Terraform v 0.11.10 Unable to add capacity provider to AWS ECS cluster with terraform AWS ECS Capacity providers
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM