Task execution role required for ECR images
werkshy opened this issue · 2 comments
Hi,
I am trying to use an ECR docker image in place of the nginx default, and quickly ran into an awkward error - the service stack failed to create because the task definition needed a role that could access ECR. The exact error that stopped the stack creation was "Fargate requires task definition to have execution role ARN to support ECR images."
I solved this manually by setting up an ecsTaskExecutionRole and then putting the arn into the TaskDefinition like this
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
...
NetworkMode: awsvpc
ExecutionRoleArn: arn:aws:iam::XXXXX:role/ecsTaskExecutionRole**
RequiresCompatibilities:
- FARGATE
ContainerDefinitions:
...
It might make sense to enable this by default in this reference.
Thanks for reporting! I actually just fixed this yesterday in the official AWS CloudFormation repository: https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/ECS
I'll patch the templates here as well.
Just pushed a fix: 6c34467
Enjoy!