ECSTask - Cannot specify a VPC that is owned by another AWS account #112
Comments
Cross-account permissions are generally difficult. I'm curious, why do you need to trigger a run on a different account? Do you have an option to execute ECSTask using an IAM user from the same AWS account? Typically, I see AWS accounts being used to separate environments, so I'd expect you would have one account for production and perhaps another for development, and the ECS tasks would be triggered by an agent running in the same account.
I asked and it looks like we'll add patches of run task kwargs allowing you to do that very similarly to 1.0.
Just to check, is there a way we can detect the security groups when we inspect the VPC?
No, security groups are independent of VPCs and subnets, users would need to specify it on run_task_kwargs, or we could allow providing this in the same way as we do with launchType:
Having the ability to set run_task_kwargs would also allow for ephemeral storage on Fargate tasks. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-task-storage.html
Using ECSTask - If I leave VPC Id configuration out of the infra block, then the tasks will run in the default VPC.
However for a managed VPC - if I set that id, the agent reports the following botocore error:
There is no way to configure the security group/subnets currently in 2.4.0, which was possible in Prefect 1 through run_task_kwargs.
Ideally, I'd like to use the existing VPC by configuring the security group and subnets.
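What the request above amounts to at the ECS API level, as an added example that is not code from this issue or from the Prefect project: the `networkConfiguration` argument of boto3's ECS `run_task`, built with explicit subnets and security groups and merged into a kwargs dict. The helper names, the cluster and task definition names, and the resource ids are hypothetical, constructed values.

```python
import re

# AWS resource-id shapes: "subnet-" / "sg-" followed by 8 or 17 hex characters.
_SUBNET_RE = re.compile(r"^subnet-[0-9a-f]{8}([0-9a-f]{9})?$")
_SG_RE = re.compile(r"^sg-[0-9a-f]{8}([0-9a-f]{9})?$")


def awsvpc_network_configuration(subnets, security_groups, assign_public_ip=False):
    """Build the networkConfiguration argument of ECS RunTask."""
    if not subnets:
        raise ValueError("no subnets given; name the subnets of the managed VPC")
    if not security_groups:
        # Without securityGroups, ECS attaches the VPC's default security group.
        raise ValueError("no security groups given; refusing the VPC default")
    if len(subnets) > 16 or len(security_groups) > 5:
        raise ValueError("RunTask accepts at most 16 subnets and 5 security groups")
    bad = [s for s in subnets if not _SUBNET_RE.match(s)]
    bad += [g for g in security_groups if not _SG_RE.match(g)]
    if bad:
        raise ValueError(f"malformed resource ids: {bad}")
    return {
        "awsvpcConfiguration": {
            "subnets": list(subnets),
            "securityGroups": list(security_groups),
            "assignPublicIp": "ENABLED" if assign_public_ip else "DISABLED",
        }
    }


def merge_run_task_kwargs(base, extra):
    """Recursively merge user-supplied kwargs over the base without mutating either."""
    merged = dict(base)
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_run_task_kwargs(merged[key], value)
        else:
            merged[key] = value
    return merged


# Constructed sample values; substitute the ids of the managed VPC's resources.
BASE = {"cluster": "example-cluster", "taskDefinition": "example-task:1", "launchType": "FARGATE"}
RUN_TASK_KWARGS = merge_run_task_kwargs(
    BASE,
    {"networkConfiguration": awsvpc_network_configuration(
        ["subnet-0123456789abcdef0"], ["sg-0123456789abcdef0"])},
)
# boto3.client("ecs").run_task(**RUN_TASK_KWARGS) would submit this request.
```

The same merge accepts other RunTask arguments, such as an `overrides` entry with `ephemeralStorage` for the Fargate storage case mentioned in the comments.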