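AWS Fargate: defining logging in the task definition causes CloudFormation to never complete

Time: 2018-07-22 20:38:55

Tags: amazon-web-services amazon-cloudformation aws-fargate

I'm trying to create my first Fargate cluster and task definition using CloudFormation. If I leave out the awslogs section in the cluster definition, the stack completes successfully, but if I add it, the task definition never finishes launching.

Here is my JSON task definition for the play cluster: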

"ECSTaskDefinition" :{
  "Type" : "AWS::ECS::TaskDefinition",
  "Properties" : {
    "Family" : "family",
    "RequiresCompatibilities" : [ "FARGATE" ],
    "Memory" : "8192",
    "Cpu" : "2048",
    "NetworkMode" : "awsvpc",
    "ExecutionRoleArn" : {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },        
    "TaskRoleArn" : {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },
    "ContainerDefinitions" : [ 
      {
        "Name": "test",  
        "Image": "test-image",
        "LogConfiguration": {
          "LogDriver": "awslogs",
          "Options": {
            "awslogs-group": { "Ref": "TestLogGroup"},
            "awslogs-region": "AWS::Region",
            "awslogs-stream-prefix": "ecs"
          }
        },   
        "PortMappings": [
          {
            "HostPort": 8080,
            "Protocol": "tcp",   
            "ContainerPort": 8080
          }
        ],
        "Environment": [
          {
            "Name": "JAVA_OPTS",
            "Value": "config here"
          }
        ]            
      }
    ]
  }
},

And the IAM role I'm creating:

"IAMPolicyECSTaskExecution": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName" : "TestName",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
           "ecs:CreateCluster",
           "ecs:DeregisterContainerInstance",
           "ecs:DiscoverPollEndpoint",
           "ecs:Poll",
           "ecs:RegisterContainerInstance",
           "ecs:StartTelemetrySession",
           "ecs:Submit*",
           "ecr:GetAuthorizationToken",
           "ecr:BatchCheckLayerAvailability",
           "ecr:GetDownloadUrlForLayer",
           "ecr:BatchGetImage",
           "logs:CreateLogStream",
           "logs:CreateLogGroup",
           "logs:PutLogEvents",
           "logs:DescribeLogGroups",
           "logs:DescribeLogStreams"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    },
    "Roles" : [ { "Ref" : "InstanceRoleECSTaskExecution" } ]
  }
},

The permissions look fine, if a little open. What am I missing? Could it be the awslogs-stream-prefix configuration?

0 answers:

No answers
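
The task definition in the question sets "awslogs-region" to the plain string "AWS::Region"; CloudFormation resolves pseudo parameters only through Ref or Fn::Sub, so that string is passed to the awslogs driver unchanged. The check below is an added example, not part of the original post: it walks a JSON template and reports pseudo parameter names used as literals. The function name and the trimmed sample template are assumptions made for illustration.

```python
import json

# CloudFormation pseudo parameters; they resolve only via Ref or inside Fn::Sub.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}

def find_literal_pseudo_parameters(node, path="$"):
    """Return (path, value) for each pseudo parameter name used as a plain string."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            # {"Ref": "AWS::Region"} is the resolved form, so it is not a finding.
            if key == "Ref" and isinstance(value, str):
                continue
            findings += find_literal_pseudo_parameters(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings += find_literal_pseudo_parameters(item, f"{path}[{index}]")
    elif isinstance(node, str) and node in PSEUDO_PARAMETERS:
        findings.append((path, node))
    return findings

# Constructed sample: the LogConfiguration from the question, trimmed to one container.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ECSTaskDefinition": {
  "Type": "AWS::ECS::TaskDefinition",
  "Properties": {"ContainerDefinitions": [{
    "Name": "test",
    "LogConfiguration": {
      "LogDriver": "awslogs",
      "Options": {
        "awslogs-group": {"Ref": "TestLogGroup"},
        "awslogs-region": "AWS::Region",
        "awslogs-stream-prefix": "ecs"
      }
    }
  }]}
}}}
""")

if __name__ == "__main__":
    for path, value in find_literal_pseudo_parameters(SAMPLE_TEMPLATE):
        print(f'{path}: "{value}" is a literal string; use {{"Ref": "{value}"}}')
```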