I am trying to set up auto-scaling for my Fargate tasks but I am confused about the IAM role that I need. All articles I am reading refer to a role “${aws_iam_role.ecs_autoscale_role.arn}” but I am not finding it in our account. The Terraform section that refers to this role is the target:
resource "aws_appautoscaling_target" "target" {
  service_namespace  = "ecs"
  resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.web.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  role_arn           = "${aws_iam_role.ecs_autoscale_role.arn}"
  min_capacity       = 1
  max_capacity       = 4
}
If I go to the UI to manually configure autoscaling, it says it will create the role ecsAutoscaleRole, but that fails with:
Failed creation of IAM Autoscale role
IAM Autoscale role could not create ecsAutoscaleRole: User: arn:aws:sts::xxxxxxxxx:assumed-role/Resource-Admin/shenv is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::xxxxxxx:role/ecsAutoscaleRole with an explicit deny (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxx-xxxx-xxxx-x-xxx93b9b33d0fe9)
which I think makes sense because my user does not have the deploy permissions. We always use Terraform to create everything. But how can I create this ecsAutoscaleRole? I am not finding any documentation that helps me.
The articles I am following are:
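
Added example (not part of the original post, and not taken from the articles it mentions): one way to define the `aws_iam_role.ecs_autoscale_role` resource that the `role_arn` line above refers to, with a trust policy limited to the Application Auto Scaling service and the AWS managed policy for ECS service scaling attached. The data source name `ecs_autoscale_assume` and the attachment name `ecs_autoscale` are assumptions made for this example; the interpolation style follows the post's snippet.

```hcl
# Added example: names marked "hypothetical" are not from the original post.

# Trust policy: only the Application Auto Scaling service principal may
# assume this role. No user or other service is listed.
data "aws_iam_policy_document" "ecs_autoscale_assume" { # hypothetical name
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["application-autoscaling.amazonaws.com"]
    }
  }
}

# The role that "${aws_iam_role.ecs_autoscale_role.arn}" resolves to.
resource "aws_iam_role" "ecs_autoscale_role" {
  name               = "ecsAutoscaleRole"
  assume_role_policy = "${data.aws_iam_policy_document.ecs_autoscale_assume.json}"
}

# AWS managed policy that lets the service read and update the ECS
# service's desired count and manage the CloudWatch alarms used for scaling.
resource "aws_iam_role_policy_attachment" "ecs_autoscale" { # hypothetical name
  role       = "${aws_iam_role.ecs_autoscale_role.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole"
}
```

The principal that runs `terraform apply` needs `iam:CreateRole` and `iam:AttachRolePolicy` on this role; the console session in the error above is explicitly denied `iam:CreateRole`, so the apply has to run under the deployment identity instead.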