Created
June 23, 2020 22:57
-
-
Save daigotanaka/ac1693545758027105e304e5b60b8f58 to your computer and use it in GitHub Desktop.
Fixing AWS Fargate FailedInvocation error
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# My Fargate tasks suddenly stopped working around 6/20/2020 after many months of stable executions. | |
# I tried using the following role and it worked. | |
# Reference: https://stackoverflow.com/a/51536083 | |
# | |
# You can look for the ARN for the generated role by running: | |
# ROLE=aws iam list-roles --query 'Roles[?contains(RoleName, `CloudWatchEventECSRole`)].Arn | [0]' | |
# | |
# You can use the role when scheduling the task on Fargate | |
# aws events put-targets --profile $AWS_PROFILE \ | |
# --rule $SCHEDULE_RULE_NAME \ | |
# --targets \ | |
# "Id"=$TARGET_ID,"Arn"=$CLUSTER_ARN,"RoleArn"=$ROLE,"EcsParameters"="{"TaskDefinitionArn"="$TASK_DEF","TaskCount"=1,"LaunchType"="FARGATE","NetworkConfiguration"={"awsvpcConfiguration"={"Subnets"=["$SUBNET0,$SUBNET1"],"SecurityGroups"=["$SECURITY_GROUP"],"AssignPublicIp"="ENABLED"}}}" | |
# | |
# Here is the part of the cloudformation template to create the role you can insert in your Cloudformation YML file: | |
CloudWatchEventECSRole: | |
Type: AWS::IAM::Role | |
Properties: | |
AssumeRolePolicyDocument: | |
Version: 2012-10-17 | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: | |
- events.amazonaws.com | |
Action: | |
- sts:AssumeRole | |
Path: / | |
Policies: | |
- PolicyName: CloudwatchEventsInvokeECSRunTask | |
PolicyDocument: | |
Version: 2012-10-17 | |
Statement: | |
- Effect: Allow | |
Action: 'ecs:RunTask' | |
Resource: '*' | |
- Effect: Allow | |
Action: 'iam:PassRole' | |
Resource: '*' | |
Condition: | |
StringLike: | |
iam:PassedToService: | |
"ecs-tasks.amazonaws.com" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment