Hello,
I am trying to create an ECS service with AWS provider 5.9.0, and I also tried changing the version to 5.0.0, but it still won't work. I don't know what is wrong; with Terraform version 0.13 it worked well.
Here is the error:
Error: updating ECS Service (arn:aws:ecs:eu-west-1:012001691480:service/rn_ecs_irn_70382_ras_dev/rn-ecs-irn-70382-ras-bff-dev): InvalidParameterException: The service couldn't be updated because a valid taskRoleArn is not being used. Specify a valid task role in your task definition and try again.
Here is the module:
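# One instance of the path-route ECS module per entry in var.services,
# keyed by the service's us_name so each instance has a stable address.
module "ecs-service" {
  source   = "git::https://gitlabee.com/infrastructure-services/aws/tf_modules/module_ecs_path_route.git?ref=v2.0.0"
  for_each = { for service in var.services : service.us_name => service }

  region = var.region
  env    = var.env

  # Per-service values come straight from the for_each element. Bare references
  # replace the deprecated "${...}" interpolation-only form; Terraform converts
  # between string and number as the module's variable types require.
  container_port    = each.value.container_port
  desiredCount      = each.value.desiredCount
  # Name (not ARN) of the task role the module creates for this service; it must
  # be unique per service or the role creations inside the module will collide.
  iam_ecs_task_role = each.value.iam_ecs_task_role

  resourceName = "rn-ecs-${var.irn}-${var.sia}-${each.value.us_name}-${var.env}"

  acmCertificateArn      = module.certificate.arn
  acmCertificateArnCount = module.certificate.arn_count
  serviceIamRoleArn      = data.aws_iam_role.serviceIamRoleArn.arn
  clusterArn             = data.aws_ecs_cluster.ecsCluster.arn
  vpcId                  = data.aws_vpc.selected.id
  # Subnet ids are handed over as one ", "-separated string; the module is
  # expected to split on that separator (not visible here — confirm).
  public_subnets   = join(", ", [data.aws_subnet.public_1.id, data.aws_subnet.public_2.id])
  target_group_arn = aws_alb_target_group.alb_target_group[each.key].id

  albTargetGroupHealthCheckPath  = var.albTargetGroupHealthCheckPath
  ecsServicePlacementStrategy    = var.ordered_placement_strategy
  ecsServicePlacementConstraint  = var.placement_constraints
  projectSia                     = var.sia
  serviceEnv                     = var.serviceEnv

  alb_access_logs_enable         = var.alb_access_logs_enable
  alb_access_logs_prefix         = "log-${var.irn}-${var.sia}-${var.env}"
  alb_target_bucket_logs         = var.alb_target_bucket_logs
  alb_enable_deletion_protection = var.alb_enable_deletion_protection
  alb_stickiness_cookie_duration = var.alb_stickiness_cookie_duration
  alb_extra_tags                 = var.alb_extra_tags
  alb_deregistration_delay       = var.alb_deregistration_delay
  idle_timeout                   = var.idle_timeout
  ssl_policy                     = var.ssl_policy
  desync_mitigation_mode         = var.desync_mitigation_mode

  role_arn_assume_role = var.role_arn_assume_role
  prd_zone_name        = var.prd_zone_name
  is_private_zone_prd  = var.is_private_zone_prd
  prd_alias            = var.prd_alias

  tags              = module.application-label.tags
  propagate_tags    = var.propagate_tags
  docker_image_tag  = var.docker_image_tag
  docker_image      = var.docker_image
  docker_registry   = var.docker_registry
  capacity_provider = var.capacity_provider

  # Module-wide ordering on the target group. The target_group_arn reference
  # above already implies this dependency; the explicit depends_on is kept
  # because it applies to every resource inside the module, not just the one
  # that reads the ARN.
  depends_on = [resource.aws_alb_target_group.alb_target_group]
}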
and here is the ecs_service resource:
# Renders task-definition.json (next to this module) into the container
# definitions JSON consumed by aws_ecs_task_definition.task_definition.
# The template provider is deprecated in favour of the built-in templatefile()
# function; the data source is kept because its rendered attribute is what the
# task definition references.
data "template_file" "task_definition" {
  template = file("${path.module}/task-definition.json")

  vars = {
    # Identity of the service and its container.
    name           = var.resourceName
    container_port = var.container_port

    # Image coordinates.
    docker_registry  = var.docker_registry
    docker_image     = var.docker_image
    docker_image_tag = var.docker_image_tag

    # Task role ARN passed into the template. Note that taskRoleArn is a
    # task-definition level field, so a value placed inside a container
    # definition is not what ECS reads for the task role.
    task_role_arn = aws_iam_role.task_assume_role_access.arn
  }
}
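# Task definition revision for the service. taskRoleArn is a task-definition
# level attribute (not part of the container definitions JSON), so the role
# has to be set here; the reported "a valid taskRoleArn is not being used"
# error is consistent with it being unset on this resource.
resource "aws_ecs_task_definition" "task_definition" {
  family                = var.resourceName
  container_definitions = data.template_file.task_definition.rendered

  # Role the task's containers run under (the one trusting ecs-tasks.amazonaws.com
  # below). When enable_execute_command is on for the service, ECS Exec also
  # requires this role to allow the ssmmessages channel actions.
  task_role_arn = aws_iam_role.task_assume_role_access.arn

  lifecycle {
    # Changes to the rendered container definitions (e.g. a new image tag) are
    # deliberately not tracked, so Terraform will not create a new revision for
    # them on its own.
    ignore_changes = [container_definitions]
  }
}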
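# ECS service fronted by an ALB target group, placed via a capacity provider.
resource "aws_ecs_service" "ecs_service" {
  name            = var.resourceName
  cluster         = var.clusterArn
  task_definition = aws_ecs_task_definition.task_definition.arn
  desired_count   = var.desiredCount

  # Role ECS uses to register tasks with the load balancer (service role, not
  # the task role). Only valid when the task definition does not use awsvpc
  # networking — confirm against the task definition.
  iam_role = var.serviceIamRoleArn

  # ECS Exec; when enabled the task definition must carry a task role that
  # permits the SSM messaging actions.
  enable_execute_command = var.ecsEnableExecuteCommand

  load_balancer {
    target_group_arn = var.target_group_arn
    container_name   = var.resourceName
    container_port   = var.container_port
  }

  capacity_provider_strategy {
    capacity_provider = var.capacity_provider
    weight            = 1
    base              = 0
  }

  ordered_placement_strategy {
    type  = var.ecsServicePlacementStrategyType
    field = var.ecsServicePlacementStrategyField
  }

  # One placement_constraints block per element; "expression" is optional.
  dynamic "placement_constraints" {
    for_each = var.ecsServicePlacementConstraint
    content {
      expression = lookup(placement_constraints.value, "expression", null)
      type       = placement_constraints.value.type
    }
  }

  lifecycle {
    # desired_count is left to autoscaling; task_definition is ignored so new
    # revisions are not rolled out by Terraform (a deployment outside Terraform
    # is expected to move the service to new revisions).
    ignore_changes = [desired_count, task_definition]
  }

  # Native bool instead of the string "true" the provider has to coerce.
  enable_ecs_managed_tags = true
  propagate_tags          = var.propagate_tags
  tags                    = var.tags
}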
and here is the IAM role:
# Trust policy letting the ECS tasks service assume the task role. It grants
# no permissions by itself; those come from policies attached to the role.
data "aws_iam_policy_document" "ecs_assume_role_policy" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
# Task role for the service's containers. Only the trust relationship is
# defined here; no permission policies are attached in this block, so the
# role is effectively permission-less until one is added elsewhere.
resource "aws_iam_role" "task_assume_role_access" {
  assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json
  # Role names are account-global: two services passing the same
  # iam_ecs_task_role would conflict on create.
  name = var.iam_ecs_task_role
}
Could you help me, please?