joebegborg07

Reputation: 839

aws - ECS capacity provider permission

I'm trying out Terraform for managing my infrastructure and got into a bit of an issue, and I'm not sure what to look for.

I'm attempting to create a capacity provider for my ECS cluster; however, I'm getting the following error:

ClientException: The capacity provider could not be created because you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group

Below are my files:

Launch config and autoscale group creation

resource "aws_launch_configuration" "ecs_launch_configuration" {
    name                 = "ecs_launch_configuration"
    image_id             = "ami-0fe19057e9cb4efd8"
    # Registers the instance with the ECS cluster on boot
    user_data            = "#!/bin/bash\necho ECS_CLUSTER=ecs_cluster >> /etc/ecs/ecs.config"
    security_groups      = [aws_security_group.vpc_securityGroup.id]
    iam_instance_profile = aws_iam_instance_profile.iam_role_profile.name
    key_name             = "key_pair_name"
    instance_type        = "t2.small"
}

resource "aws_autoscaling_group" "ecs_autoScale_group" {
    name                 = "ecs_autoScale_group"
    desired_capacity     = 1
    min_size             = 1
    max_size             = 2
    launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
    vpc_zone_identifier  = [aws_subnet.vpc_subnet_public.id]
    # Tag value is a string; ECS also writes this tag when the capacity provider is attached
    tag {
        key                 = "AmazonECSManaged"
        value               = "true"
        propagate_at_launch = true
    }
}

ECS Cluster and capacity provider creation

resource "aws_ecs_cluster" "ecs_cluster" {
    name               = "ecs_cluster"
    capacity_providers = [aws_ecs_capacity_provider.ecs_capacity_provider.name]
}

resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
    name = "ecs_capacity_provider"
    auto_scaling_group_provider {
        auto_scaling_group_arn = aws_autoscaling_group.ecs_autoScale_group.arn
        managed_scaling {
            maximum_scaling_step_size = 2
            minimum_scaling_step_size = 1
            status                    = "ENABLED"
            target_capacity           = 1
        }
    }
}

I was able to create this from the console's GUI; only Terraform returns this error.

Help would be greatly appreciated.

Thanks in advance.

Upvotes: 1

Views: 348

Answers (1)

Grzegorz Oledzki

Reputation: 24251

(a guess)

Isn't it because the IAM user you are using in your Terraform code is lacking the autoscaling:CreateOrUpdateTags permission?

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-auto-scaling.html says:

The IAM user creating the capacity providers needs the autoscaling:CreateOrUpdateTags permission. This is because Amazon ECS adds a tag to the Auto Scaling group when it associates it with the capacity provider.

Upvotes: 2
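As an added example (not code from the question or the answer above), this is what a least-privilege grant of that one permission looks like in Terraform. It assumes the aws_autoscaling_group resource from the question lives in the same configuration, and that the identity running terraform apply is an IAM user whose name (terraform-deployer) is a placeholder. The grant is scoped to the single Auto Scaling group and, via aws:TagKeys, to the single tag key that ECS writes, so it cannot be used to rewrite other tags on other groups.

```hcl
# Added example: least-privilege policy for the CreateOrUpdateTags call that
# ECS makes on the caller's behalf when it attaches a capacity provider.
data "aws_iam_policy_document" "ecs_capacity_provider_tagging" {
  statement {
    sid     = "AllowEcsManagedTagOnCapacityProviderAsg"
    effect  = "Allow"
    actions = ["autoscaling:CreateOrUpdateTags"]

    # Only the group referenced by the capacity provider (resource from the question).
    resources = [aws_autoscaling_group.ecs_autoScale_group.arn]

    # Only the AmazonECSManaged tag key may be created or updated with this grant.
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "aws:TagKeys"
      values   = ["AmazonECSManaged"]
    }
  }
}

resource "aws_iam_policy" "ecs_capacity_provider_tagging" {
  name   = "ecs-capacity-provider-tagging"
  policy = data.aws_iam_policy_document.ecs_capacity_provider_tagging.json
}

# Attach to the principal that runs Terraform.
# "terraform-deployer" is an assumed placeholder user name.
resource "aws_iam_user_policy_attachment" "terraform_deployer_tagging" {
  user       = "terraform-deployer"
  policy_arn = aws_iam_policy.ecs_capacity_provider_tagging.arn
}
```

If the policy is applied from the same configuration as the capacity provider, give aws_ecs_capacity_provider a depends_on pointing at the attachment so the grant exists before the CreateCapacityProvider call; IAM changes also take a few seconds to propagate, so a retry of the apply may be needed. In practice the identity used for deployments is usually granted this by an administrator from a separate, more privileged configuration rather than by the deployment identity granting itself permissions.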
