0
다음 CloudFormation 템플릿 파일을 만들어 ECS Cluster 및 TaskDefinition, Service를 만들었지 만 오류가 발생했습니다. 이 설정이 잘못 되었나요? 다음 템플릿을 사용하여 ECS 서비스를 만들 때CloudFormation을 통해 ECS 서비스를 만들 수 없습니다.
- 는
Please verify that the ECS service role being passed has the proper permissions을 왔을 때, 속성Role: !ImportValue "IAMRoleECSService"없이 템플릿을 생성 오류가 발생하지 않지만,CREATE_IN_PROGRESS
ECSApplicationService:
Type: "AWS::ECS::Service"
DependsOn:
- "ECSApplicationCluster"
- "ECSApplicationTaskDefinition"
Properties:
Cluster: !Ref "ECSApplicationCluster"
DeploymentConfiguration:
MaximumPercent: 100
MinimumHealthyPercent: 50
DesiredCount: 4
LoadBalancers:
- ContainerName: !Ref "ContainerAppName"
ContainerPort: 80
TargetGroupArn: !ImportValue "ALBTargetGroup"
Role: !ImportValue "IAMRoleECSService"
ServiceName: "ecs-application-service"
TaskDefinition: !Ref "ECSApplicationTaskDefinition"
IAMRoleECSService:
Type: "AWS::IAM::Role"
Properties:
RoleName: "ecs-service"
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Service:
- "ecs.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
- PolicyName: "ec2-management"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "ec2:AuthorizeSecurityGroupIngress"
- "ec2:Describe*"
Resource: "*"
- PolicyName: "alb-management"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
- "elasticloadbalancing:DeregisterTargets"
- "elasticloadbalancing:DescribeTargetGroups"
- "elasticloadbalancing:DescribeTargetHealth"
- "elasticloadbalancing:Describe*"
- "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
- "elasticloadbalancing:RegisterTargets"
Resource: "*"
어떻게해야합니까?
서비스 연결 역할의 이름을 지정할 수 있습니까? –
두려워하지는 않지만 이름으로이 역할을 언급 할 필요가 없다고 생각하면 중요하지 않습니다. –