Hi,
I get this error when I try to create an aws_ecs_service:
# ECS service that keeps one copy of the bffMobileService task definition running
# on the bffMobileClusterDev cluster and registers container "web" (port 3000)
# with the dev-bff-service-target-group target group.
resource "aws_ecs_service" "bffMobileService" {
name = "bffMobileService"
cluster = aws_ecs_cluster.bffMobileClusterDev.id
task_definition = aws_ecs_task_definition.bffMobileService.arn
desired_count = 1
# iam_role is the role the ECS service itself assumes to register targets with
# the load balancer. It is not the task role or the task execution role.
# NOTE(review): aws_iam_role.ecs_task_role is not defined in the snippets shown.
# If its trust policy names ecs-tasks.amazonaws.com, as the execution role's does,
# ECS cannot assume it and the service is rejected with "Unable to assume role
# and validate the specified targetGroupArn". A service role must trust
# ecs.amazonaws.com and carry only load balancer registration permissions
# (for example the AmazonEC2ContainerServiceRole managed policy); confirm.
# NOTE(review): if the account already has the ECS service-linked role
# (AWSServiceRoleForECS), this argument can be omitted; it must be omitted when
# the task definition uses awsvpc network mode. Confirm the network mode.
iam_role = aws_iam_role.ecs_task_role.arn
# NOTE(review): this waits on ecs_task_execution_role, a different role from the
# one passed in iam_role above. If the intent is to avoid creating the service
# before the service role's permissions exist, depend on that role's policy
# attachment instead; confirm.
depends_on = [aws_iam_role.ecs_task_execution_role]
# Pack tasks onto the container instances with the least remaining CPU.
ordered_placement_strategy {
type = "binpack"
field = "cpu"
}
# Routes traffic from the target group to port 3000 of the container named
# "web"; that name and port must exist in the task definition (not shown here).
load_balancer {
target_group_arn = aws_lb_target_group.dev-bff-service-target-group.arn
container_name = "web"
container_port = 3000
}
# Restrict placement to container instances in the two listed availability zones.
placement_constraints {
type = "memberOf"
expression = "attribute:ecs.availability-zone in [ap-southeast-1a, ap-southeast-1b]"
}
}
# Target group on TCP port 3000 in the main VPC, referenced by the ECS service's
# load_balancer block.
resource "aws_lb_target_group" "dev-bff-service-target-group" {
name = "dev-bff-service-target-group"
# NOTE(review): target_type "alb" is for registering an Application Load Balancer
# as the target of a Network Load Balancer. An ECS service registers container
# instances or task IPs, so a target group attached to a service is expected to
# use "instance" or "ip" (use "ip" with awsvpc network mode). This mismatch may
# be why targetGroupArn fails validation; confirm against the task's network mode.
target_type = "alb"
port = 3000
# NOTE(review): TCP is a Network Load Balancer protocol. A target group used
# directly by an Application Load Balancer would use HTTP or HTTPS. Confirm
# which load balancer type fronts this service.
protocol = "TCP"
vpc_id = aws_vpc.main.id
}
I have assigned a role:
# IAM role named "ecs_task_execution". Its trust policy lets the ECS tasks
# service principal assume it.
# NOTE(review): no permissions policy or policy attachment for this role appears
# in the snippet, so what it is allowed to do cannot be judged from here.
# NOTE(review): this is not the role passed to aws_ecs_service.iam_role, which
# references aws_iam_role.ecs_task_role. A role trusted only by
# ecs-tasks.amazonaws.com cannot serve as the ECS service role, because that one
# is assumed by ecs.amazonaws.com.
resource "aws_iam_role" "ecs_task_execution_role" {
name = "ecs_task_execution"
# Terraform's "jsonencode" function converts a
# Terraform expression result to valid JSON syntax.
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
# Trust is limited to a single service principal. Consider adding
# aws:SourceAccount / aws:SourceArn conditions so only this account's
# ECS resources can cause the role to be assumed (confused-deputy guard).
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "ecs-tasks.amazonaws.com"
}
},
]
})
tags = {
Environment = "Development ecs_task_execution_role mobile-bff"
}
}
The error I get is
│ Error: error creating ECS service (bffMobileService): InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.
│
│ with aws_ecs_service.bffMobileService,
│ on bffEcsService.tf line 1, in resource "aws_ecs_service" "bffMobileService":
│ 1: resource "aws_ecs_service" "bffMobileService" {
│
Any advice will be appreciated.
Chris