Need to add ecs:DescribeServices permission to IAM role meta-ordinals-code-deploy but can't edit

Question

I got this error while trying to deploy a service.

While creating a deployment group in CodeDeploy, I got this error message for IAM role meta-ordinals-code-deploy:

Could not load ECS service information for cluster: Meta-ordinals, service: meta-ordinals. Cause: User: arn:aws:sts::671892052100:assumed-role/meta-ordinals-code-deploy/20b0af90bd454172a772210b51ed4100 is not authorized to perform: ecs:DescribeServices on resource: arn:aws:ecs:us-east-1:671892052100:service/Meta-ordinals/meta-ordinals because no identity-based policy allows the ecs:DescribeServices action (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: a47bfc46-3b92-40dc-a725-313ac05d0f07; Proxy: null)

ChatGPT says I need to add ecs:DescribeServices to the permissions. I can see the JSON but no edit button.

I am running was root. But don't have the ability to update the policy.

What do I need to do next?

Accepted Answer

Hi, what you can do is following: recreate a role that you will fully manage same permissions and policies attached to it than meta-ordinals-code-deploy.

And then you add to it the missing permission ecs:DescribeServices
Finally, you update CodeDeploy execution role with the role you just created instead of meta-ordinals-code-deploy.
It should then work.

Best,
Didier

Need to add ecs:DescribeServices permission to IAM role meta-ordinals-code-deploy but can't edit

Relevanter Inhalt