Reputation: 495
I'm using the latest ECS Agent v1.22.0 for Windows ECS cluster. I want to try out the new feature https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html?shortFooter=true but with the following failed error message:
service XXX was unable to place a task because no container instance met
all of its requirements. The closest matching container-instance YYY is
missing an attribute required by your task.
It doesn't appear ECS Agent logs show any error. My Task has the following attributes:
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.28"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.secrets.ssm.environment-variables"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
}
]
Upvotes: 2
Views: 1967
Reputation: 187
fwiw the windows instructions seem to include a gotcha here:
For Windows tasks that are configured to use the awslogs logging driver, you must also set the ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE environment variable on your container instance. This can be done with User Data using the following syntax:
Upvotes: 2