Reputation: 375
Set AWS EventBridge with ECS and Fargate
I have a container that is deployed with Fargate and runs without any issues when I select "Run Task" in ECS. The container uses S3, SES and CloudWatch services (it contains a Python script). When a task is run, I receive an email with output files. The next step is to trigger a task in ECS to run this container using Fargate on a schedule. For that, I am trying to use Amazon EventBridge. However, something is wrong, because the tasks fail to run.
The rule that I create has the following setup:
- cron expression, which I have confirmed that is valid (the next 10 triggered dates appear in the console).
- choose AWS Service -> ECS Task and then set the cluster, task name and subnet ID.
- I choose the task execution role (ecsTaskExecutionRole). This task has a
Amazon_EventBridge_Invoke_ECSpolicy attached to it. This policy came from previous failed runs.
The event was successfully attached to the task in ECS, because if I go to the specified cluster and the tab Scheduled tasks, it is there. I have tried multiple configurations and I keep getting FailedInvocations, which makes me think it is a problem with the role policies.
I have created an additional target for the rule to log in CloudWatch, but the logs are not useful at all. I have checked also CloudTrail and looked for RunTask events. In some occasions, when I set a rule, no RunTask events are shown in CloudTrail. Other times they appear but do not show any ErrorCode. I also had instances where the RunTasks had the error InvalidParameterException: "No Container Instances were found in your cluster. Any ideas about what may be wrong?
Upvotes: 1
Views: 2083
Answers (1)
Reputation: 364
I'm not sure this could be the problem for you.
I was having a VERY similar issue, and I fixed it by changing the role's policy to this:
{
"Statement": [
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecs:RunTask"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}
I have the feeling that you need to change your role to a new role that has this policy instead of the one that you mentioned (ecsTaskExecutionRole), since that role has the policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
EDIT: Just to add. This would be the role that the EventBridge rule should have, not the task definition within the cluster. The task definition role should still be the one that you've mentioned (ecsTaskExecutionRole)
Upvotes: 0
Related Questions
- Copy and paste data from multiple workbooks located in the same folder to several worksheets of a pre-existing workbook
- How can I loop through Excel worksheets, in multiple workbooks in the same directory while copying data into a new workbook?
- Copying Between Workbooks with Varying Names
- Copy and paste data from multiple workbooks to a worksheet in another Workbook
- Copying data from multiple worksheets to multiple workbooks
- Copy-paste between workbooks
- Copy cell range between workbooks from same folder
- Copying Excel sheet to all Workbooks in directory
- excel vba copy-paste data in different workbooks
- Macro to copy data from one workbook to all other workbooks in a specific folder