
Adding AWS LoadBalancer to Service using AWS CLI

I am trying to add an AWS ELB to an ECS Cluster Service using AWS CLI. I am using the following command:

aws ecs create-service --service-name ${SERVICE_NAME} --desired-count 1 --task-definition launch-test-app --load-balancers targetGroupArn=arn:aws:elasticloadbalancing:us-east-1:NNNNNNNNNNNN:loadbalancer/app/bw-test/edfe7f7c15e40d56,containerName=launch-test-app,containerPort=8080 --role arn:aws:iam::NNNNNNNNNNNN:role/service-role/bw-metering-role --cluster ${CLUSTER} --region ${REGION}

The Role 'bw-metering-role' has the following policies attached:

  • AmazonEC2ContainerServiceFullAccess
  • AmazonEC2ContainerServiceforEC2Role

And the Role also has the following Trust Relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

But I am still getting the following error while executing the above AWS CLI command:

An error occurred (InvalidParameterException) when calling the CreateService operation: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions.

I have searched and found some solutions, but with no positive result.

Rajib Biswas asked Jan 19 '26 10:01


1 Answer

After going through AWS documentation, I found that for classic load balancers we should provide the following details (loadBalancerName):

--load-balancers loadBalancerName=bwce-lb,containerName=launch-test-app,containerPort=8080

And for application load balancers (which is my case), we should provide the following details (targetGroupArn):

--load-balancers targetGroupArn=arn:aws:elasticloadbalancing:us-east-1:750037626691:targetgroup/default/85fd830384028e21,containerName=launch-test-app,containerPort=8080

The problem in my previous input values was that I was providing the LoadBalancer ARN in the 'targetGroupArn' field instead of providing the TargetGroupARN. Once I fixed the target group ARN issue, it started working fine.

Rajib Biswas answered Jan 21 '26 07:01
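
The error in the question points at the service role, while the answer traces it to the kind of ARN passed as targetGroupArn. The pre-flight check below is an added example, not part of the original post or of the AWS CLI: it classifies an ELBv2 ARN by its resource prefix and builds the --load-balancers value only for a target group ARN. The function names and the sample ARNs (account ID and resource IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the ARN before it reaches `aws ecs create-service`.
# Function names are hypothetical; the ARNs in the usage comment are constructed.

# Print the ELBv2 resource type of an ARN:
# targetgroup, loadbalancer, listener, or invalid.
elbv2_arn_kind() {
    case $1 in
        arn:*:elasticloadbalancing:*:*:targetgroup/*/*) echo targetgroup ;;
        arn:*:elasticloadbalancing:*:*:loadbalancer/*)  echo loadbalancer ;;
        arn:*:elasticloadbalancing:*:*:listener*/*)     echo listener ;;
        *)                                              echo invalid ;;
    esac
}

# Build the --load-balancers value for a service behind an application
# load balancer. Returns 2 for a load balancer ARN (the mistake described
# in the answer), 1 for any other unusable input.
ecs_lb_arg() {
    tg_arn=$1
    container=$2
    port=$3
    case $port in
        ''|*[!0-9]*) echo "error: containerPort must be numeric: $port" >&2
                     return 1 ;;
    esac
    kind=$(elbv2_arn_kind "$tg_arn")
    case $kind in
        targetgroup)
            printf 'targetGroupArn=%s,containerName=%s,containerPort=%s\n' \
                "$tg_arn" "$container" "$port" ;;
        loadbalancer)
            echo "error: load balancer ARN given; targetGroupArn needs a targetgroup/... ARN" >&2
            return 2 ;;
        *)
            echo "error: not a target group ARN ($kind): $tg_arn" >&2
            return 1 ;;
    esac
}

# Usage (constructed ARN; remaining create-service options as in the question):
#   TG_ARN=arn:aws:elasticloadbalancing:us-east-1:000000000000:targetgroup/my-targets/0123456789abcdef
#   arg=$(ecs_lb_arg "$TG_ARN" launch-test-app 8080) &&
#       aws ecs create-service --load-balancers "$arg" ...
```
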


