You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.
I tried the first version with the ListTask action and did not get it to work. I solved it by using the wildcard * as resource and a condition for the cluster. I guess the Service Authorization Reference is wrong. In the past I also had problems with RunTask and its resources statement which I could not resolve. Maybe there was some kind of rework in the past which did not make it to the Service Authorization Reference?
The text was updated successfully, but these errors were encountered:
The Service Authorization Reference is using the correct ARN format. The issue in the guide is that it was using the older ARN format from before the cluster name was added to the ARN formats for container instances, services, and tasks. I've made an update to the guide to correct the ARN formats and that should be live soon.
At https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticcontainerservice.html#amazonelasticcontainerservice-container-instance we can see the resource-type documented as:
arn:${Partition}:ecs:${Region}:${Account}:container-instance/${ClusterName}/${ContainerInstanceId}
At https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.html#IAM_container_instance_policies there is an example which looks like this:
arn:aws:ecs::<aws_account_id>:container-instance/<container_instance_UUID>
I tried the first version with the ListTask action and did not get it to work. I solved it by using the wildcard * as resource and a condition for the cluster. I guess the Service Authorization Reference is wrong. In the past I also had problems with RunTask and its resources statement which I could not resolve. Maybe there was some kind of rework in the past which did not make it to the Service Authorization Reference?
The text was updated successfully, but these errors were encountered: