Task execution role required for ECR images

Question

Task execution role required for ECR images

werkshy opened this issue 6 years ago · comments

Hi,

I am trying to use an ECR docker image in place of the nginx default, and quickly ran into an awkward error - the service stack failed to create because the task definition needed a role that could access ECR. The exact error that stopped the stack creation was "Fargate requires task definition to have execution role ARN to support ECR images."

I solved this manually by setting up an ecsTaskExecutionRole and then putting the arn into the TaskDefinition like this

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ...
      NetworkMode: awsvpc
      ExecutionRoleArn: arn:aws:iam::XXXXX:role/ecsTaskExecutionRole**
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
      ...

It might make sense to enable this by default in this reference.

Nathan Peck · Answer 1 · Sat Feb 03 2018 00:31:39 GMT+0800 (China Standard Time)

Thanks for reporting! I actually just fixed this yesterday in the official AWS CloudFormation repository: https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/ECS

I'll patch the templates here as well.

Nathan Peck · Answer 2 · Sat Feb 03 2018 01:09:37 GMT+0800 (China Standard Time)

Just pushed a fix: 6c34467

Enjoy!