event_rule_role_arn input ignored in event targets #5

Closed
tim-faase opened this issue Jul 15, 2021 · 5 comments

tim-faase commented Jul 15, 2021

Providing the event_rule_role_arn input to the module is ignored, and module.ecs-fargate-scheduled-task.aws_iam_role.scheduled_task_cw_event_role is used in the event target.

```
  # module.ecs-fargate-scheduled-task.aws_cloudwatch_event_target.ecs_scheduled_task will be created
  + resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
      + arn            = "arn:aws:ecs:ap-southeast-2:445645794583:cluster/hydrofluxdr-prod"
      + event_bus_name = "default"
      + id             = (known after apply)
      + role_arn       = (known after apply)
```

https://github.com/cn-terraform/terraform-aws-ecs-fargate-scheduled-task/blob/main/main.tf#L64


jnonino commented Jul 16, 2021

Hi, how are you?

event_rule_role_arn is not ignored, it is used in this resource:

```hcl
resource "aws_cloudwatch_event_rule" "event_rule" {
  name                = var.event_rule_name
  schedule_expression = var.event_rule_schedule_expression
  event_bus_name      = var.event_rule_event_bus_name
  event_pattern       = var.event_rule_event_pattern
  description         = var.event_rule_description
  role_arn            = var.event_rule_role_arn
  is_enabled          = var.event_rule_is_enabled
  tags = {
    Name = "${var.name_prefix}-cw-event-rule"
  }
}
```

Are you sure you need to have event_rule_role_arn in the event target (module.ecs-fargate-scheduled-task.aws_cloudwatch_event_target.ecs_scheduled_task)??

jnonino self-assigned this Jul 16, 2021
jnonino added this to To do in CN Services - Terraform Modules via automation Jul 16, 2021

tim-faase commented

The event target specifies a RoleArn; CloudTrail reported a failure of the event wanting to assume the role of Task and Task Execution.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/events/put-targets.html#options

{"errorMessage": "User: arn:aws:sts::##:assumed-role/corporate-dev-cli-st-cw-role/## is not authorized to perform: iam:PassRole on resource: arn:aws:iam::##:role/##-task-role-dev-app"}
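
What the role named in an event target's `role_arn` needs in order to start a Fargate task without the `iam:PassRole` failure quoted above, as an added example that is not part of this thread or the module's own code. All resource names and input variables are hypothetical.

```hcl
# Added example; every resource name and variable below is hypothetical.
variable "rule_name" { type = string }
variable "cluster_arn" { type = string }
variable "task_definition_arn" { type = string }
variable "task_role_arn" { type = string }
variable "execution_role_arn" { type = string }
variable "subnet_ids" { type = list(string) }

# Role that EventBridge assumes when the rule fires (the target's role_arn).
resource "aws_iam_role" "events_target" {
  name = "example-scheduled-task-events"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "events.amazonaws.com" } }]
  })
}

data "aws_iam_policy_document" "events_target" {
  statement {
    actions   = ["ecs:RunTask"]
    resources = [var.task_definition_arn]
  }
  # RunTask hands both roles to ECS, so the caller needs iam:PassRole on each.
  statement {
    actions   = ["iam:PassRole"]
    resources = [var.task_role_arn, var.execution_role_arn]
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "events_target" {
  role   = aws_iam_role.events_target.id
  policy = data.aws_iam_policy_document.events_target.json
}

resource "aws_cloudwatch_event_target" "ecs_scheduled_task" {
  rule     = var.rule_name
  arn      = var.cluster_arn
  role_arn = aws_iam_role.events_target.arn
  ecs_target {
    launch_type         = "FARGATE"
    task_definition_arn = var.task_definition_arn
    network_configuration { subnets = var.subnet_ids }
  }
}
```

Listing the two role ARNs explicitly and pinning `iam:PassedToService` keeps the grant from covering any other role in the account.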

jnonino linked a pull request Sep 17, 2021 that will close this issue
CN Services - Terraform Modules automation moved this from To do to Done Sep 17, 2021
jnonino reopened this Sep 17, 2021
CN Services - Terraform Modules automation moved this from Done to To do Sep 17, 2021
jnonino removed a link to a pull request Sep 17, 2021

jnonino commented Nov 25, 2021

Hi @tim-faase, did the change in PR-7 solve the issue?

tim-faase commented

@jnonino yes, sorry for not advising


jnonino commented Nov 30, 2021

No problem @tim-faase, thanks. Please let me know if you have any other issue!!

jnonino closed this as completed Nov 30, 2021
CN Services - Terraform Modules automation moved this from To do to Done Nov 30, 2021