Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ECS ROLE ARN #9

Closed
jschwarzwalder opened this issue Jul 18, 2018 · 9 comments
Closed

ECS ROLE ARN #9

jschwarzwalder opened this issue Jul 18, 2018 · 9 comments

Comments

@jschwarzwalder
Copy link
Contributor 

  "executionRoleArn": "REPLACE_ME_ECS_ROLE_ARN",
  "taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",

I'm not certain which value to place in these. I have an arn for cloud formation and only one from ecs that I got when I created the cluster. What goes where?

"repositoryArn": "arn:aws:ecr:"
"StackId": "arn:aws:cloudformation:"
"Arn": "arn:aws:iam:"
"clusterArn": "arn:aws:ecs:"

Is there a command I can run at this point to retrieve in information in case I forgot to save the file?

Thank you for clarifying
@jschwarzwalder
Copy link
Contributor Author

I tried using the ecs for "executionRoleArn" that I got from create-cluster command, and the cloud formation arn for "taskRoleArn" but got the following error:

An error occurred (ClientException) when calling the RegisterTaskDefinition operation: Role is not valid

@rttomlinson
Copy link

If you go to "CloudFormation" in the AWS console and locate the stack you made originally, you should find an "Outputs" tab. In there you will find the ARNs for ECS role and ECS Task role.

@jschwarzwalder
Copy link
Contributor Author

I cannot find the output described.

I looked through my logs and found this:

AWS_Game:~/environment/aws-modern-application-workshop (master) $ aws cloudformation create-stack --stack-name MythicalMysfitsCoreStack --capabilities CAPABILITY_NAMED_IAM --template-body file://~/environment/aws-modern-application-workshop/module-2/cfn/core.yml
{
    "StackId": "arn:aws:cloudformation:eu-west-1:444444444444:stack/MythicalMysfitsCoreStack/9999999-8988-1111-8888-555555555555"
}

AWS_Game:~/environment/aws-modern-application-workshop (master) $ aws cloudformation describe-stacks --stack-name MythicalMysfitsCoreStack
{
    "Stacks": [
        {
            "StackId": "arn:aws:cloudformation:eu-west-1:444444444444:stack/MythicalMysfitsCoreStack/9999999-8988-1111-8888-555555555555", 
            "Description": "This stack deploys the core network infrastructure and IAM resources to be used for a service hosted in Amazon ECS using AWS Fargate.", 
            "Tags": [], 
            "EnableTerminationProtection": false, 
            "CreationTime": "2018-07-17T06:56:43.083Z", 
            "Capabilities": [
                "CAPABILITY_NAMED_IAM"
            ], 
            "StackName": "MythicalMysfitsCoreStack", 
            "NotificationARNs": [], 
            "StackStatus": "CREATE_IN_PROGRESS", 
            "DisableRollback": false, 
            "RollbackConfiguration": {}
        }
    ]
}

arn masked for privacy.

When I made the stack I seem to have only gotten one cloud formation arn.

@rttomlinson
Copy link

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-view-stack-data-resources.html

Maybe this link will be helpful? Particularly the section labeled To view information about your AWS CloudFormation stack

@abaird986
Copy link
Contributor

abaird986 commented Jul 18, 2018
edited
Loading

@jschwarzwalder - look at this bit within the instructions of module 2, the describe-stacks call is the one that was missed that contains lots of the values you'll need to copy and paste later in the workshop:

You can check on the status of your stack creation either via the AWS Console or by running the command:

aws cloudformation describe-stacks --stack-name MythicalMysfitsCoreStack

When in the describe-stacks response, you see a status of CREATE_COMPLETE, CloudFormation has finished provisioning all of the core networking and security resources described above.

Once you see CREATE_COMPLETE in the describe-stacks response command above, copy the full response and save it for future reference in a text editor. Or, create a temporary folder and file to save it to within your IDE. This JSON response contains the unique identifiers for several of the created resources, which we will use later in this workshop.

@jschwarzwalder
Copy link
Contributor Author

I recovered from error by running this to get the information I needed.

aws cloudformation describe-stacks --stack-name MythicalMysfitsCoreStack

The paragraphs are very dense, and so it was hard to understand that I would need to wait until I get a different status.

@samuelj123
Copy link

I get
An error occured (ClientException) when calling the RegisterTaskDefinition operation: Role is not valid
when I run
aws ecs register-task-definition --cli-input-json file://taskdef.json
Should I be playing around with my IAM roles? if so, which?

@shrihari21
Copy link

I get
An error occured (ClientException) when calling the RegisterTaskDefinition operation: Role is not valid
when I run
aws ecs register-task-definition --cli-input-json file://taskdef.json
Should I be playing around with my IAM roles? if so, which?

Me to facing same isssue , do u have any solution ?

@karthikeayan
Copy link

  1. Make sure the role is in the same account where you are trying to execute runTask
  2. Make sure the role has ecs-tasks trust relationship
  3. Make sure the role has required permissions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@karthikeayan @abaird986 @jschwarzwalder @rttomlinson @samuelj123 @shrihari21