I'm creating an AWS IAM role with the following Terraform block. This enables AmazonECSTaskExecutionRolePolicy permission.

resource "aws_iam_role" "my_ecs_task_execution_role" {
  name_prefix        = "my_ecs_task_execution_role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
  description        = "Allows ECS tasks to call AWS ECS on your behalf."
}

And I'm using the above IAM role to create an AWS Batch Job Definition like below.

resource "aws_batch_job_definition" "job_def_m_8_c_4" {
  name                  = "m_8_c_4"
  type                  = "container"
  platform_capabilities = ["EC2"]
  container_properties  = <<CONTAINER_PROPERTIES
{
  "executionRoleArn": "${aws_iam_role.my_ecs_task_execution_role.arn}",
  "image": "<image_uri>",
  "memory": 8000,
  "vcpus": 4
}
CONTAINER_PROPERTIES
  timeout {
    attempt_duration_seconds = 21600
  }
}

And I've also added the necessary job queue and the compute environment.
But the problem here is that when I run terraform apply, I'm getting some strange errors for the first time:
error creating Batch Job Definition (m_8_c_4): : Error executing request, Exception :
arn:aws:iam::xxx:role/my_ecs_task_execution_rolexyz role is not authorized.,
RequestId: xyzzys-xyzxyz-xyzxyxz
And I'm using Terraform v1.4.4.
Solutions that I already tried
I tried adding "AWS": "arn:aws:iam::<account_id>:root" to aws_iam_role.my_ecs_task_execution_role and again got the same result.
I've also verified the STS endpoints and they are active across all regions.
Your role does not appear to have any permissions. Defining the assume_role_policy will merely allow ECS to assume the role. Consider attaching the AmazonECSTaskExecutionRolePolicy AWS-managed policy to your role:
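
One way to write the attachment the answer describes, as an added example that is not part of the original answer. The attachment's resource name, the use of jsonencode in place of the heredoc, and the depends_on on the job definition are choices made here; the role, job definition values and the `<image_uri>` placeholder come from the question.

```hcl
# Added example: the trust policy on the role only says who may assume it.
# This attachment is what actually grants the role permissions.
resource "aws_iam_role_policy_attachment" "my_ecs_task_execution_role" {
  role       = aws_iam_role.my_ecs_task_execution_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

resource "aws_batch_job_definition" "job_def_m_8_c_4" {
  name                  = "m_8_c_4"
  type                  = "container"
  platform_capabilities = ["EC2"]

  container_properties = jsonencode({
    executionRoleArn = aws_iam_role.my_ecs_task_execution_role.arn
    image            = "<image_uri>" # placeholder kept from the question
    memory           = 8000
    vcpus            = 4
  })

  timeout {
    attempt_duration_seconds = 21600
  }

  # The job definition references only the role ARN, so Terraform sees no
  # implicit dependency on the attachment and may create both in parallel.
  # depends_on makes the ordering explicit: attachment first, then job definition.
  depends_on = [aws_iam_role_policy_attachment.my_ecs_task_execution_role]
}
```

Running terraform plan after adding the attachment should show one new aws_iam_role_policy_attachment resource alongside the job definition.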