Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How to associate a IAM Role with the container execution like ECS does?

0

I would like to use something like AWS.ECSCredentials inside my container running on App Runner in other to use AWS services with a provided configured role.

AWS.config.credentials = new AWS.ECSCredentials({ httpOptions: { timeout: 5000 }, maxRetries: 10 });

I found out that there is a InstanceRoleArn property on InstanceConfiguration settings but I have already tried many roles I created and none of them seems to be accepted by App Runner.

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS Identity and Access Management
Idioma
English
onhate
preguntada hace 3 años316 visualizaciones
1 Respuesta
1

The trick part is the Allow sts:assumeRole for service tasks.apprunner.amazonaws.com

Resources:
    InstanceRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: AppRunnerExecutionRole
        MaxSessionDuration: 28800 # 8h
        ManagedPolicyArns:
            - arn:aws:iam::aws:policy/AmazonS3FullAccess
        AssumeRolePolicyDocument:
          Statement:
            - Effect: Allow
              Action: sts:AssumeRole
              Principal:
                Service: tasks.apprunner.amazonaws.com

    AppRunnerService:
      Type: AWS::AppRunner::Service
      Properties:
        ServiceName: service
        SourceConfiguration:
          AuthenticationConfiguration:
            AccessRoleArn: "arn:aws:iam::xxx:role/service-role/AppRunnerECRAccessRole"
          AutoDeploymentsEnabled: true
          ImageRepository:
            ImageIdentifier: "xxx.dkr.ecr.us-east-1.amazonaws.com/xxx:latest"
            ImageRepositoryType: ECR
            ImageConfiguration:
              Port: 8080
        InstanceConfiguration:
          Cpu: 2048
          Memory: 4096
          InstanceRoleArn:
            Fn::GetAtt: [ InstanceRole, Arn ]
onhate
respondido hace 3 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante