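Terraform launch type Fargate for Windows containers error: You do not have authorization to access the specified platform

Description

Terraform: for launch type Fargate with Windows containers, the following error occurs after running terraform apply:

Error creating app-name service: error waiting for ECS service (app-name) create: AccessDeniedException: You do not have authorization to access the specified platform.

The Terraform and AWS provider versions in use are as follows:

Terraform CLI and Terraform AWS provider version user agent: APN/1.0 HashiCorp/1.0 Terraform/0.12.31 (+https://www.terraform.io) terraform-provider-aws/3.70.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.42.23 (go1.16; linux; amd64)

Affected resource: aws_ecs_service

Terraform configuration file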

resource "aws_ecs_task_definition" "app_task" {
  family                   = "${var.tags["environment"]}-app"
  container_definitions    = data.template_file.app_task_definition.rendered
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  task_role_arn            = aws_iam_role.ecs_role.arn
  execution_role_arn       = aws_iam_role.ecs_role.arn
  memory                   = var.fargate_memory
  cpu                      = var.fargate_cpu

  runtime_platform {
    operating_system_family = "WINDOWS_SERVER_2019_CORE"
    cpu_architecture        = "X86_64"
  }

  depends_on = [null_resource.confd_cluster_values]
}

resource "aws_ecs_service" "app" {
  name                               = "${var.tags["environment"]}-app"
  cluster                            = data.terraform_remote_state.fargate_cluster.outputs.cluster.id
  task_definition                    = aws_ecs_task_definition.app_task.arn
  desired_count                      = var.ecs_app_desired_count
  health_check_grace_period_seconds  = 2147483647
  deployment_minimum_healthy_percent = 0
  deployment_maximum_percent         = 100
  launch_type                        = "FARGATE"
  enable_execute_command             = true

  network_configuration {
    security_groups = [data.terraform_remote_state.fargate_cluster.outputs.cluster_security_group]
    subnets         = data.aws_subnet_ids.private.ids
  }

  load_balancer {
    target_group_arn = aws_alb_target_group.app.arn
    container_name   = var.alb_target_container_name
    container_port   = 8097
  }

  lifecycle {
    ignore_changes = [desired_count]
  }

  depends_on = [aws_ecs_task_definition.app_task]
}

Debug output

-----------------------------------------------------: timestamp=2022-01-01T16:30:06.055+0530
2022-01-01T16:30:06.055+0530 [INFO] plugin.terraform-provider-aws_v3.70.0_x5: 2022/01/01 16:30:06 [DEBUG] [aws-sdk-go] {
2022-01-01T16:30:06.055+0530 [INFO] plugin.terraform-provider-aws_v3.70.0_x5: 2022/01/01 16:30:06 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ecs/CreateService failed, attempt 0/25, error AccessDeniedException: You do not have authorization to access the specified platform.: timestamp=2022-01-01T16:30:06.055+0530

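The problem is not due to your TF code but to the IAM permissions you use to run the code. You must verify your permissions. If your account is part of a group of accounts, you may also be restricted at the AWS Organization level.

After reading https://aws.amazon.com/blogs/containers/running-windows-containers-with-amazon-ecs-on-aws-fargate/ I learned that the Amazon ECS Exec feature is not supported for Fargate for Windows tasks, which is why the error occurred.

Disabling the following feature in aws_ecs_service resolved the issue.

enable_execute_command = true

It would be helpful if Terraform could show the user a proper message stating that the above feature is not available for Windows, instead of throwing the error "You do not have authorization to access the specified platform".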
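Added example, not part of the original question or answers: a pre-apply check in Python that reads the configuration section of `terraform show -json <planfile>` and flags any aws_ecs_service that sets enable_execute_command = true with launch_type FARGATE while referencing a task definition whose runtime_platform is a Windows family, the combination identified in the answer above. The sample plan is constructed, the function name is hypothetical, and the check assumes root-module resources whose relevant arguments are literal values.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json <planfile>`
# for the two resources in the question (root module only, literal values only).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_ecs_task_definition.app_task", "type": "aws_ecs_task_definition",
   "expressions": {"runtime_platform": [
     {"operating_system_family": {"constant_value": "WINDOWS_SERVER_2019_CORE"}}]}},
  {"address": "aws_ecs_service.app", "type": "aws_ecs_service",
   "expressions": {
     "launch_type": {"constant_value": "FARGATE"},
     "enable_execute_command": {"constant_value": true},
     "task_definition": {"references": ["aws_ecs_task_definition.app_task"]}}}
]}}}
""")

def _const(expr):
    """Return the literal value of a plan-JSON expression, or None if it is computed."""
    return expr.get("constant_value") if isinstance(expr, dict) else None

def find_exec_on_windows_fargate(plan):
    """Return addresses of Fargate services that enable ECS Exec on a Windows task definition."""
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    windows_taskdefs = set()
    for r in resources:
        if r.get("type") != "aws_ecs_task_definition":
            continue
        for block in r.get("expressions", {}).get("runtime_platform", []):
            family = _const(block.get("operating_system_family")) or ""
            if family.upper().startswith("WINDOWS"):
                windows_taskdefs.add(r["address"])
    findings = []
    for r in resources:
        if r.get("type") != "aws_ecs_service":
            continue
        expr = r.get("expressions", {})
        if _const(expr.get("launch_type")) != "FARGATE":
            continue
        if _const(expr.get("enable_execute_command")) is not True:
            continue
        # References may name the resource itself or one of its attributes (e.g. ".arn").
        refs = expr.get("task_definition", {}).get("references", [])
        if any(ref == td or ref.startswith(td + ".") for ref in refs for td in windows_taskdefs):
            findings.append(r["address"])
    return findings

if __name__ == "__main__":
    print(find_exec_on_windows_fargate(SAMPLE_PLAN))
```

Run against a real plan by loading the JSON from `terraform show -json <planfile>` and failing the pipeline when the returned list is non-empty.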
