[ECS] [issue]: PlatformTaskDefinitionIncompatibilityException when using environmentFiles on Windows FARGATE provider #1626

Closed
tonetechnician opened this issue Jan 15, 2022 · 1 comment
Labels
Fargate AWS Fargate Windows Windows containers

tonetechnician commented Jan 15, 2022

Hi there!

I've been trying to use the environmentFiles field in the task definition for a container service that should run on Fargate's WINDOWS_SERVER_2019_CORE operating system. Whenever I try to deploy the task definition I get a "PlatformTaskDefinitionIncompatibilityException" and I'm unable to run the service. When omitting the environmentFiles field I'm able to run the service.

I've been reading the documentation and it seems it should work on Windows platform_version 1.0.0. I've tried to set the platform version to LATEST as well as 1.0.0 explicitly, but still get this error.

I've also noticed in the changelogs for Linux and Windows that there is mention of environmentFiles support in the Linux changelog, but not the Windows changelog, so I'm a bit confused as to whether this should work on Windows in Fargate.

My container definition looks like this (I've redacted my aws account info, but everything is otherwise the same):

{
    "taskDefinitionArn": "arn:aws:ecs:us-east-2:000000000000:task-definition/container-service-task:4",
    "containerDefinitions": [
        {
            "name": "container-service",
            "image": "000000000000.dkr.ecr.us-east-2.amazonaws.com/container-registry:1.0.0",
            "cpu": 2048,
            "memory": 4096,
            "links": [],
            "portMappings": [
                {
                    "containerPort": 6050,
                    "hostPort": 6050,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "entryPoint": [
                "powershell",
                "/consumer-start.ps1"
            ],
            "command": [],
            "environment": [],
            "environmentFiles": [
                {
                    "value": "arn:aws:s3:::container-config/config.env",
                    "type": "s3"
                }
            ],
            "mountPoints": [],
            "volumesFrom": [],
            "secrets": [],
            "dnsServers": [],
            "dnsSearchDomains": [],
            "extraHosts": [],
            "dockerSecurityOptions": [],
            "dockerLabels": {},
            "ulimits": [],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "/ecs/container-logs",
                    "awslogs-region": "us-east-2",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            },
            "healthCheck": {
                "command": [
                    "CMD-SHELL",
                    "curl -f http://localhost:6050/health || exit 1"
                ],
                "interval": 10,
                "timeout": 2,
                "retries": 2,
                "startPeriod": 30
            },
            "systemControls": []
        }
    ],
    "family": "container-service",
    "taskRoleArn": "arn:aws:iam::0000000000:role/container-task-role",
    "executionRoleArn": "arn:aws:iam::0000000000:role/container-task-role",
    "networkMode": "awsvpc",
    "revision": 4,
    "volumes": [],
    "status": "ACTIVE",
    "requiresAttributes": [
        {
            "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
        },
        {
            "name": "ecs.capability.execution-role-awslogs"
        },
        {
            "name": "com.amazonaws.ecs.capability.ecr-auth"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
        },
        {
            "name": "ecs.capability.env-files.s3"
        },
        {
            "name": "com.amazonaws.ecs.capability.task-iam-role"
        },
        {
            "name": "ecs.capability.container-health-check"
        },
        {
            "name": "ecs.capability.execution-role-ecr-pull"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
        },
        {
            "name": "ecs.capability.task-eni"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
        }
    ],
    "placementConstraints": [],
    "compatibilities": [
        "EC2",
        "FARGATE"
    ],
    "runtimePlatform": {
        "operatingSystemFamily": "WINDOWS_SERVER_2019_CORE"
    },
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "2048",
    "memory": "4096",
    "registeredAt": "2022-01-14T16:30:41.407Z",
    "registeredBy": "arn:aws:iam::000000000000:user/User",
    "tags": [
        {
            "key": "ecs:taskDefinition:createdFrom",
            "value": "ecs-console-v2"
        },
        {
            "key": "ecs:taskDefinition:stackId",
            "value": "arn:aws:cloudformation:us-east-2:000000000000:stack/ECS-Console-V2-TaskDefinition-84623b36-84d0-4d56-9989-76787b8a8e77/4db70f90-7557-11ec-a046-0a0812508840"
        },
        {
            "key": "environment",
            "value": "beta"
        }
    ]
}

My task role has AmazonECSTaskExecutionRolePolicy attached to it as well as this task role policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAccountAttributes"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:CompleteLayerUpload",
                "ecr:DescribeImages",
                "ecr:DescribeRepositories",
                "ecr:GetDownloadUrlForLayer",
                "ecr:InitiateLayerUpload",
                "ecr:ListImages",
                "ecr:PutImage",
                "ecr:UploadLayerPart"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:ecr:us-east-2:000000000000:repository/container-registry"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::container-config",
                "arn:aws:s3:us-east-2:000000000000:accesspoint/general-bucket-ap"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::container-config/*",
                "arn:aws:s3:us-east-2:000000000000:accesspoint/general-bucket-ap/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::container-config"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey"
            ],
            "Resource": [
                "arn:aws:kms:us-east-2:000000000000:key/key-for-config",
                "arn:aws:kms:us-east-2:000000000000:key/key-for-general-bucket-access"
            ]
        }
    ]
}

Any ideas or pointers would be greatly appreciated! Having the .env support for my service will make life a lot easier!

@jterry75

Hello, thank you for the feedback. There was unfortunately an issue in the documentation that has been corrected. At the moment Windows Containers on AWS Fargate do not support the use of EnvironmentFiles. You can see the update here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html.

environmentFiles
Type: object array

Required: no

A list of files containing the environment variables to pass to a container. This parameter maps to the --env-file option to docker run.

This is not available for Windows containers.
...

As we work to bring the remaining features to the platform we will be sure to update.

@SaloniSonpal - Can you please tag this appropriately for tracking?

@goyalpurvi goyalpurvi added Fargate AWS Fargate Windows Windows containers labels Nov 9, 2022
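
A pre-deployment check for the incompatibility confirmed in the reply above, as an added example that is not part of the original issue or of any AWS tooling: it flags environmentFiles entries in a task definition that targets a Windows operating system family on Fargate, so the problem is caught before a PlatformTaskDefinitionIncompatibilityException at deploy time. The function name, the extra "sidecar" container and the treatment of a missing operatingSystemFamily as Linux are assumptions.

```python
import json

# Constructed sample: a trimmed copy of the task definition posted in the issue,
# plus a hypothetical "sidecar" container with an empty environmentFiles list.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "container-service",
  "containerDefinitions": [
    {
      "name": "container-service",
      "environmentFiles": [
        {"value": "arn:aws:s3:::container-config/config.env", "type": "s3"}
      ]
    },
    {"name": "sidecar", "environmentFiles": []}
  ],
  "runtimePlatform": {"operatingSystemFamily": "WINDOWS_SERVER_2019_CORE"},
  "requiresCompatibilities": ["FARGATE"]
}
""")


def find_unsupported_env_files(task_def):
    """Return (container name, env file ARN) pairs for Windows-on-Fargate tasks.

    Hypothetical helper: an empty list means the combination reported in the
    issue (Windows OS family + FARGATE + environmentFiles) is not present.
    """
    platform = task_def.get("runtimePlatform") or {}
    # Assumption: a task definition without operatingSystemFamily is Linux.
    os_family = (platform.get("operatingSystemFamily") or "LINUX").upper()
    on_fargate = "FARGATE" in (task_def.get("requiresCompatibilities") or [])
    if not (on_fargate and os_family.startswith("WINDOWS")):
        return []
    findings = []
    for container in task_def.get("containerDefinitions") or []:
        # Empty or missing lists are fine; only populated entries are rejected.
        for env_file in container.get("environmentFiles") or []:
            findings.append((container.get("name", "<unnamed>"), env_file.get("value")))
    return findings


if __name__ == "__main__":
    for name, arn in find_unsupported_env_files(SAMPLE_TASK_DEFINITION):
        print(f"{name}: environmentFiles entry {arn} is not available "
              "for Windows containers on Fargate")
```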