AWS announces preview of AWS Interconnect - multicloud

AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.

How do I troubleshoot CloudFormation error "Error occurred during operation 'CreateCluster SDK error: Service Unavailable. Please try again later."?

2 minute read

Content level: Intermediate

I want to troubleshoot the above error in CloudFormation stack launched while creating ECS Cluster

Short description

You might receive the following error due to a missing IAM service role, AWSServiceRoleForECS. This service linked role is created automatically when a cluster is launched via the ECS console. However, if the service is unable to create the service linked role due to explicit deny in the service control policy (SCP) the ECS CloudFormation stack fails with the above error.

Note: This issue usually occurs when you are creating the cluster for the first time in the account and the service role AWSServiceRoleForECS has not been created by ECS service.

Resolution

Ensure the IAM user/role who performed the ECS CreateCluster API has iam:CreateRole, iam:CreateServiceLinkedRole permissions.
Review the SCP policies attached to the account/OU and verify if the user/role has the required permissions to perform iam:CreateRole, iam:CreateServiceLinkedRole actions.
In order to create the "AWSServiceRoleForECS" service linked role manually and retry the cluster creation, you can run the below mentioned AWS CLI command to create the ECS service linked role.

aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com

Currently AWS allows the creation of ECS Service Linked Role using the above AWS CLI command.

Related information

[+] Using service-linked roles for Amazon ECS

[+] Create a service-linked role

Co-author: Sanchi

Topics: Management & Governance Containers
Tags: ECS Service Discovery AWS CloudFormation
Language: English

SUPPORT ENGINEER

Hemanth

published 8 months ago222 views

No comments

Relevant content

How to troubleshoot "Error occurred during operation 'DeleteClusters SDK Error: The Cluster cannot be deleted while Services are active." when deleting ECS cluster from CloudFormation?
EXPERT
SukanyaSuram
published 8 months ago
ECS Deployment Circuit Breaker was triggered.
EXPERT
Chethangowda B C
published 8 months ago
How to troubleshoot error “Uploaded file must be a non_empty zip” when updating a Lambda function using AWS CloudFormation ?
SUPPORT ENGINEER
Nikhil
published 8 months ago
Service Unavailable. Please try again later. (Service: AmazonECS; Status Code: 500; Error Code: ServerException; Request ID: ab4946dd-0492-4e95-bcc3-35126b76396b; Proxy: null)
S
asked a month ago
Audit Manager created with CloudFormation doesn't add contorls
Dimitrije Drobac
asked 2 months ago
I get a generic "An error occurred while attempting to create the stack". How do I troubleshoot this?
Accepted Answer
bbaronas
asked 2 years ago
How do I troubleshoot errors caused by CloudFormation macros ?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot CloudFormation module errors?
AWS OFFICIALUpdated 2 years ago
How do I resolve the CloudFormation stack set errors "no stack instance found" or "Organizational unit not found in StackSet"?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot missing permission errors in CloudFormation?
AWS OFFICIALUpdated 2 years ago