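My CloudFormation script below runs fine with my create-stack command, except that the Service resource hangs at "CREATE_IN_PROGRESS". Hopefully someone can spot the obvious thing I'm missing.
I have no way to look any deeper into where the process is, other than the "Events" page (which only shows this one hanging status line), but I'm happy to provide more information.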
AWSTemplateFormatVersion: '2010-09-09'
Description: container on ecs cluster
Resources:
  # Defines container. This is a simple metadata description of what
  # container to run, and what resource requirements it has.
  Task:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: apis
      Cpu: 256
      Memory: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn: 'iamRoleHere'
      ContainerDefinitions:
        - Name: booksapi
          # this is the image name from our repo that we made early on: aws ecr describe-repositories
          Image: 'imageHere'
          Cpu: 256
          Memory: 512
          PortMappings:
            - ContainerPort: 50577
              Protocol: tcp
  # The service. The service is a resource which allows you to run multiple
  # copies of a type of task, and gather up their logs and metrics, as well
  # as monitor the number of running tasks and replace any that have crashed.
  # defines how the task or container will be scheduled and deployed in the cluster and how the container instances will be registered with load balancer
  Service:
    Type: AWS::ECS::Service
    DependsOn: ListenerRule
    Properties:
      #if using param for servicename: !Ref 'ServiceName'
      ServiceName: booksapi
      TaskDefinition: !Ref 'Task'
      Cluster: !ImportValue 'ECSCluster'
      LaunchType: FARGATE
      DesiredCount: 2
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 70
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - 'subnet-abctyui'
            - 'subnet-poyfdha'
          SecurityGroups:
            - !ImportValue ContainerSecurityGroup
      LoadBalancers:
        - ContainerName: booksapi
          ContainerPort: 50577
          TargetGroupArn: !Ref TargetGroup
  # A target group. This is used for keeping track of all the tasks, and
  # what IP addresses / port numbers they have. You can query it yourself,
  # to use the addresses yourself, but most often this target group is just
  # connected to an application load balancer, or network load balancer, so
  # it can automatically distribute traffic across all the targets.
  # add 443 after POC. remove health check for now as it is buggy at the moment in our template
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: books-tg
      VpcId: 'vpc-ljhdfrr'
      Port: 80
      Protocol: HTTP
      Matcher:
        HttpCode: 200-299
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /stat
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 10
      TargetType: ip
  ListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !ImportValue Listener
      Priority: 2
      Conditions:
        - Field: path-pattern
          Values:
            - /v1/books*
      Actions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
Outputs:
  ApiEndpoint:
    Description: Tests API Endpoint
    Value: !Join ['', ['http://', !ImportValue DomainName, '/v1/books']]
    Export:
      Name: 'BooksApiEndpoint'
Answer 0 (score: 0)
Ah, I was able to go to the service in ECS and look at the "Events" tab there:
service booksapi failed to launch a task with (error ECS was unable to assume the role 'iamRoleHere' that was provided for this task. Please verify that the role being passed has the proper trust relationship and permissions and that your IAM user has permissions to pass this role.).
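
The trust relationship that the error message refers to, written as a CloudFormation resource. This is an added example, not part of the original question or answer; the logical ID `TaskExecutionRole` is hypothetical, and `imageHere` is the question's own placeholder.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: execution role for the booksapi Fargate task (added example)
Resources:
  # Hypothetical logical ID; the template in the question has no role resource.
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust relationship: only the ECS tasks service principal may assume
      # this role. Without this statement ECS cannot assume the role and the
      # service never launches a task, so the stack sits in CREATE_IN_PROGRESS.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      # AWS managed policy for task execution: pull the image from ECR and
      # write container logs to CloudWatch Logs. Nothing broader is attached.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
  Task:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: apis
      Cpu: 256
      Memory: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      # Pass the role by ARN, resolved from the resource above, instead of a
      # hand-typed string that may not match an existing role.
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: booksapi
          Image: 'imageHere'  # placeholder carried over from the question
          PortMappings:
            - ContainerPort: 50577
              Protocol: tcp
```

A stack that creates IAM resources has to be created with `--capabilities CAPABILITY_IAM`, and the identity running create-stack needs `iam:PassRole` on this role, which is the last condition the error message lists.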