@daigotanaka
Created June 23, 2020 22:57
Fixing AWS Fargate FailedInvocation error
# My Fargate tasks suddenly stopped working around 6/20/2020 after many months of stable executions.
# I tried using the following role and it worked.
# Reference: https://stackoverflow.com/a/51536083
#
# You can look for the ARN for the generated role by running:
# ROLE=$(aws iam list-roles --query 'Roles[?contains(RoleName, `CloudWatchEventECSRole`)].Arn | [0]' --output text)
#
# You can use the role when scheduling the task on Fargate
# aws events put-targets --profile $AWS_PROFILE \
# --rule $SCHEDULE_RULE_NAME \
# --targets \
# "Id"=$TARGET_ID,"Arn"=$CLUSTER_ARN,"RoleArn"=$ROLE,"EcsParameters"="{"TaskDefinitionArn"="$TASK_DEF","TaskCount"=1,"LaunchType"="FARGATE","NetworkConfiguration"={"awsvpcConfiguration"={"Subnets"=["$SUBNET0,$SUBNET1"],"SecurityGroups"=["$SECURITY_GROUP"],"AssignPublicIp"="ENABLED"}}}"
#
# Here is the part of the CloudFormation template that creates the role; you can insert it in your CloudFormation YAML file:
CloudWatchEventECSRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - events.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: /
    Policies:
      - PolicyName: CloudwatchEventsInvokeECSRunTask
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action: 'ecs:RunTask'
              Resource: '*'
            - Effect: Allow
              Action: 'iam:PassRole'
              Resource: '*'
              Condition:
                StringLike:
                  iam:PassedToService: "ecs-tasks.amazonaws.com"
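# A least-privilege variant of the role above, as an added example that is not part of the original gist: ecs:RunTask is limited to one task definition family on one cluster, and iam:PassRole to the roles that task definition uses.
# TaskDefinitionFamily, ClusterArn, TaskRoleArn and ExecutionRoleArn are assumed template parameters, not names from the gist.

```yaml
# Added example, not from the original gist. Assumed template parameters:
# TaskDefinitionFamily, ClusterArn, TaskRoleArn, ExecutionRoleArn.
CloudWatchEventECSRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - events.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: /
    Policies:
      - PolicyName: CloudwatchEventsInvokeECSRunTask
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # RunTask only for this task definition family (with or without a
            # revision suffix in the target), and only on this cluster.
            - Effect: Allow
              Action: 'ecs:RunTask'
              Resource:
                - !Sub 'arn:${AWS::Partition}:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${TaskDefinitionFamily}'
                - !Sub 'arn:${AWS::Partition}:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${TaskDefinitionFamily}:*'
              Condition:
                ArnEquals:
                  'ecs:cluster': !Ref ClusterArn
            # PassRole only for the roles named in the task definition, and
            # only when they are handed to ECS tasks.
            - Effect: Allow
              Action: 'iam:PassRole'
              Resource:
                - !Ref TaskRoleArn
                - !Ref ExecutionRoleArn
              Condition:
                StringLike:
                  'iam:PassedToService': ecs-tasks.amazonaws.com
```

# If the task definition has no task role, list only the execution role under iam:PassRole.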