您好,我正在研究AWS CDK。我正在ECS任务定义中配置记录器。
在我创建的记录器下方
logDetails = logs.LogGroup(self, "MerchWebServicesLogGroup", log_group_name="/projects/merchwebserviceslog/apiservices", retention=logs.RetentionDays.SIX_MONTHS, removal_policy=core.RemovalPolicy.DESTROY)
哪个生成以下cloudformation
MerchWebServicesLogGroup94598F8F:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: /projects/merchwebserviceslog/apiservices
RetentionInDays: 180
UpdateReplacePolicy: Delete
DeletionPolicy: Delete
然后附加到容器
container = task_definition.add_container(
"mw-service",
image=ecs.ContainerImage.from_registry("123.dkr.ecr.ap-southeast-2.amazonaws.com/location/location-service:latest"),
memory_limit_mib=3072,
logging = ecs.AwsLogDriver(stream_prefix='MerchServices', log_group=logDetails))
使用默认策略生成的默认任务执行角色
MWSECSTaskExecutionRole40529A5B:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Version: "2012-10-17"
Metadata:
aws:cdk:path: location-agent-cdk/MWSECSTaskExecutionRole/Resource
MWSECSTaskExecutionRoleDefaultPolicyEDA68720:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource:
Fn::GetAtt:
- MerchWebServicesLogGroup94598F8F
- Arn
Version: "2012-10-17"
PolicyName: MWSECSTaskExecutionRoleDefaultPolicyEDA68720
Roles:
- Ref: MWSECSTaskExecutionRole40529A5B
如果我添加上述策略,我将开始出现错误提示。
Status reason CannotStartContainerError: Error response from daemon: failed to initialize logging driver: failed to create Cloudwatch log stream: CredentialsEndpointError: failed to load credentials caused by: :
我在上述政策方面遇到了问题。我不想要那个政策。这是创建默认值。我没有找到停止生成默认策略的任何方法。可以帮我停止生成默认策略吗?任何帮助,将不胜感激。谢谢