ECS unable to assume role

And for those who are writing CDK script in Java, while defining the TaskDefinition you don't have to explicitly provide any taskRole and executionRole. CDK will create appropriate Role for you.

You have to add the principal "ecs-tasks.amazonaws.com" to the trust policy for the role that's submitting a Batch job (not "ecs.amazonaws.com").

Revised role:

"TrainingJobRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "golfnow-invoke-write-progress",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com",
                  "ecs-tasks.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/"
      }
    },

ECS unable to assume role

Tags:

Amazon Web Services

Aws Ecs

Aws Batch

Related

Recent Posts