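How to find the values for executionRoleArn and taskRoleArn
I am working through the AWS Python tutorial, module 2.
I am in part C, where I have to fill in some REPLACE_ME values in the task definition file to create the JSON.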
{
    "family": "mythicalmysfitsservice",
    "cpu": "256",
    "memory": "512",
    "networkMode": "awsvpc",
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "executionRoleArn": "REPLACE_ME_ECS_SERVICE_ROLE_ARN",
    "taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",
    "containerDefinitions": [
        {
            "name": "MythicalMysfits-Service",
            "image": "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH",
            "portMappings": [
                {
                    "containerPort": 8080,
                    "protocol": "http"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "mythicalmysfits-logs",
                    "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "awslogs-mythicalmysfits-service"
                }
            },
            "essential": true
        }
    ]
}
I am not sure where to get the values for three variables:
"REPLACE_ME_ECS_SERVICE_ROLE_ARN", "REPLACE_ME_ECS_TASK_ROLE_ARN", "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH"
Before this step, in steps A and B, I ran create-cluster, but the output is not obvious to me:
$ aws ecs create-cluster --cluster-name MythicalMysfits-Cluster
{
    "cluster": {
        "clusterArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster",
        "clusterName": "MythicalMysfits-Cluster",
        "status": "ACTIVE",
        "registeredContainerInstancesCount": 0,
        "runningTasksCount": 0,
        "pendingTasksCount": 0,
        "activeServicesCount": 0,
        "statistics": [],
        "tags": [],
        "settings": [
            {
                "name": "containerInsights",
                "value": "disabled"
            }
        ],
        "capacityProviders": [],
        "defaultCapacityProviderStrategy": []
    }
}
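The only value I suspect I might know is "REPLACE_ME_IMAGE_TAG_USED_IN_ECR_PUSH", which I can get from docker push 002847010850.dkr.ecr.us-east-1.amazonaws.com/mythicalmysfits/service when I pushed the docker image to the Elastic Compute Repository.
So I made a guess and used the value of "clusterArn" for the REPLACE_ME values and the original image tag for the third, but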
$ aws ecs register-task-definition --cli-input-json file://~/environment/aws-modern-application-workshop/module-2/aws-cli/task-definition.json
An error occurred (ClientException) when calling the RegisterTaskDefinition operation: Role is not valid
Here is the JSON I fed it:
{
"family": "mythicalmysfitsservice","executionRoleArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster","taskRoleArn": "arn:aws:ecs:us-east-1:002847010850:cluster/MythicalMysfits-Cluster","image": "002847010850.dkr.ecr.us-east-1.amazonaws.com/mythicalmysfits/service","essential": true
}
]
}
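Can someone tell me where I am going wrong? This tutorial is pretty awful - just a bunch of incantations, very brittle, and no obvious forum discussion to turn to.
Solution
You should use the IAM roles for ecs-service-role and task-execution-role for REPLACE_ME_ECS_SERVICE_ROLE_ARN and REPLACE_ME_ECS_TASK_ROLE_ARN respectively.
ecs-service-role may already exist, but if it does not, you can create it as shown here. The form of task-execution-role depends on which AWS services your application needs to access, for example S3.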
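The suggestion in Marcin's answer made me reconsider and look at the JSON output from an earlier part of the tutorial.
aws cloudformation describe-stacks --stack-name MythicalMysfitsCoreStack gives a bunch of key/value pairs, and REPLACE_ME_ECS_SERVICE_ROLE_ARN and REPLACE_ME_ECS_TASK_ROLE_ARN are both in there.
Then the procedure worked.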
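As an added example (not part of the original answers or the tutorial), the following Python sketch reads the role ARNs out of saved `describe-stacks` output, writes them into the task definition, and rejects any value that is not an IAM role ARN, which is the check the ECS cluster ARN in the question fails. The stack output below is constructed, and the OutputKey names, account ID and role names in it are assumptions; use the keys your own stack prints.

```python
import json
import re

# IAM role ARN shape: arn:<partition>:iam::<12-digit account>:role/<path/>name
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed sample of `aws cloudformation describe-stacks` output.
# OutputKey names, account ID and role names are assumptions, not from the page.
SAMPLE_STACK = json.loads("""
{"Stacks": [{"StackName": "MythicalMysfitsCoreStack", "Outputs": [
  {"OutputKey": "EcsServiceRole",
   "OutputValue": "arn:aws:iam::123456789012:role/ExampleEcsServiceRole"},
  {"OutputKey": "ECSTaskRole",
   "OutputValue": "arn:aws:iam::123456789012:role/ExampleEcsTaskRole"},
  {"OutputKey": "VPCId", "OutputValue": "vpc-0123456789abcdef0"}
]}]}
""")


def stack_outputs(describe_stacks):
    """Flatten the first stack's Outputs list into {OutputKey: OutputValue}."""
    outputs = describe_stacks["Stacks"][0].get("Outputs", [])
    return {o["OutputKey"]: o["OutputValue"] for o in outputs}


def invalid_role_fields(task_def):
    """Pre-flight check: role fields whose value is not an IAM role ARN."""
    return [f for f in ("executionRoleArn", "taskRoleArn")
            if f in task_def and not ROLE_ARN.match(task_def[f])]


def fill_roles(task_def, outputs, execution_key, task_key):
    """Return a copy of task_def with both role fields set from stack outputs.

    Raises ValueError when the chosen output is missing or is not an IAM
    role ARN (for example a VPC id or an ECS cluster ARN).
    """
    filled = dict(task_def)
    for field, key in (("executionRoleArn", execution_key),
                       ("taskRoleArn", task_key)):
        arn = outputs.get(key, "")
        if not ROLE_ARN.match(arn):
            raise ValueError(f"{field}: output {key!r} = {arn!r} is not an IAM role ARN")
        filled[field] = arn
    return filled
```

Running `invalid_role_fields` on the task definition before `register-task-definition` flags a wrong ARN type locally instead of through the `Role is not valid` error.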