我正在尝试创建一个带有多个目标组的 AWS ECS 服务。该服务已经使用自定义 IAM 角色创建完成,但是当我尝试附加第二个目标组时,会导致该服务被重新创建。
# ECS service for the nginx container: one fixed target group plus an optional
# second one driven by var.private_endpoint.
resource "aws_ecs_service" "sampple" {
  name            = "sample"
  cluster         = var.ecs_cluster_id
  task_definition = aws_ecs_task_definition.sample.arn
  desired_count   = var.desired_count

  # Rolling-deployment bounds, expressed as percentages of desired_count.
  deployment_minimum_healthy_percent = 70
  deployment_maximum_percent         = 200

  # iam_role is deliberately left unset. When a service registers with more
  # than one target group, ECS uses its service-linked role and the API rejects
  # an explicit role with InvalidParameterException ("You cannot specify an IAM
  # role for services that require a service linked role").
  # NOTE(review): load-balancer registration then runs under the service-linked
  # role, not var.ecs_role; confirm nothing else relies on that custom role.
  # iam_role = var.ecs_role

  # Target group that is always attached.
  load_balancer {
    container_name   = "nginx"
    container_port   = 80
    target_group_arn = aws_alb_target_group.webapp.id
  }

  # Emits one load_balancer block per element of var.private_endpoint. Every
  # generated block references the first private_endpoint target group, so
  # the variable is presumably an empty or single-element collection; verify
  # against its declaration.
  dynamic "load_balancer" {
    for_each = var.private_endpoint

    content {
      container_name   = "nginx"
      container_port   = 80
      target_group_arn = aws_alb_target_group.private_endpoint[0].id
    }
  }
}
计划:
+ resource "aws_ecs_service" "webapp" {
+ cluster = "arn:aws:ecs:region:acccount-id:cluster/im-staging0"
+ deployment_maximum_percent = 200
+ deployment_minimum_healthy_percent = 70
+ desired_count = 1
+ enable_ecs_managed_tags = false
+ iam_role = "ecsServiceRole"
+ id = (known after apply)
+ launch_type = (known after apply)
+ name = "webapp"
+ platform_version = (known after apply)
+ scheduling_strategy = "REPLICA"
+ task_definition = (known after apply)
+ load_balancer {
+ container_name = "nginx"
+ container_port = 80
+ target_group_arn = "arn:aws:elasticloadbalancing:region:acccount-id:targetgroup/im-staging-app-alb-tg/81129f7bc760e5e9"
}
+ load_balancer {
+ container_name = "nginx"
+ container_port = 80
+ target_group_arn = "arn:aws:elasticloadbalancing:region:acccount-id:targetgroup/im-staging-webapp-alb-tg/b6a756a7c06a2054"
}
+ placement_strategy {
+ field = (known after apply)
+ type = (known after apply)
}
}
}
初始计划差异:
# module.webapp.aws_ecs_service.webapp must be replaced
-/+ resource "aws_ecs_service" "sample" {
cluster = "arn:aws:ecs:region:account-id:cluster/sample"
deployment_maximum_percent = 200
deployment_minimum_healthy_percent = 70
desired_count = 1
enable_ecs_managed_tags = false
- health_check_grace_period_seconds = 0 -> null
iam_role = "ecsServiceRole"
~ id = "arn:aws:ecs:region:account-id:service/webapp" -> (known after apply)
~ launch_type = "EC2" -> (known after apply)
name = "webapp"
+ platform_version = (known after apply)
- propagate_tags = "NONE" -> null
scheduling_strategy = "REPLICA"
- tags = {} -> null
~ task_definition = "arn:aws:ecs:region:account-id:task-definition/im-staging-webapp:1968" -> (known after apply)
- deployment_controller {
- type = "ECS" -> null
}
load_balancer {
container_name = "nginx"
container_port = 80
target_group_arn = "arn:aws:elasticloadbalancing:region:account-id:targetgroup/im-staging0-webapp-alb-tg/b6a756a7c06a2054"
}
+ load_balancer { # forces replacement
+ container_name = "nginx"
+ container_port = 80
+ target_group_arn = (known after apply)
}
+ placement_strategy {
+ field = (known after apply)
+ type = (known after apply)
}
}
错误:
InvalidParameterException: You cannot specify an IAM role for services that require a service linked role.
status code: 400, request id: 514323ae-f95c-4dee-87d4-9647d2078c50 "webapp"
如果我从资源中删除iam_role参数,通常可以正常工作。