ECS Fargate Task in EventBridge has ResourceInitializationError

0

I have created an ECS Fargate Task, which I can manually run. It updates a DynamoDB and I get logs.

Now I want this to run on a schedule. I have set up a scheduled ECS task through EventBridge and through the UI in the ECS cluster. However, this does not run.

By looking at the EventBridge logs I can see that the container has been stopped for the following stopped reason:

ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve ecr registry auth: service call has been retried 3 time(s): RequestError: send request failed caused by: Post https://api.ecr....

I thought this might be a problem with permissions. However, I tested giving the Task Execution Role full power user permissions and I still get the same error. Could the problem be something else?

1 Answer
1

There are two roles associated with a Fargate task: The Task Role, and the Task Execution Role.

The Task Execution Role needs all the permissions needed to start the task, including pulling the container image from ECR, obtaining and decrypting any secrets needed to launch the container, and dispatching logs and telemetry data to CloudWatch. The container runtime runs in the Task Execution Role context.

The Task Role, on the other hand, needs all the permissions that are required by the task containers after launch. For example, if your application needs to access S3 or DynamoDB, the Task Role would contain those policies granting access to the application.

So it is important to distinguish those two roles: the Task Execution Role is used before launch; the Task Role is used after launch. It is possible that you associated the policies with the Task Role instead of the Task Execution Role.

AWS
Expert
answered 2 years ago
  • Thanks, that's a good suggestion but I have been adding permissions to the Task Execution Role. I tested adding PowerUser permissions to the Task Execution Role, and I still have exactly the same error, so I think it's not a permissions issue.

  • @mhairi, did you get this to work? I'm thinking it is a network issue, but cannot figure it out. Thanks
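
The role split described in the answer can be checked offline against a task definition and the policy documents attached to each role. The following is an added example, not code from the original thread; the ARNs, task definition and policy documents are constructed samples, and the check is simplified to `Allow` statements and their `Action` patterns (it ignores `Deny`, `Resource` and `Condition`).

```python
from fnmatch import fnmatchcase

# Actions granted by the AWS managed policy AmazonECSTaskExecutionRolePolicy:
# what ECS needs at task start to pull from ECR and write to CloudWatch Logs.
STARTUP_ACTIONS = [
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
    "logs:CreateLogStream", "logs:PutLogEvents",
]

def allowed_patterns(policy_docs):
    """Collect Action patterns from Allow statements (str or list forms)."""
    patterns = []
    for doc in policy_docs:
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for stmt in statements:
            if stmt.get("Effect") == "Allow":
                actions = stmt.get("Action", [])
                patterns += [actions] if isinstance(actions, str) else actions
    return patterns

def grants(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(task_def, role_policies):
    """Map each startup action to 'execution', 'task-role-only' or 'missing'."""
    exec_p = allowed_patterns(role_policies.get(task_def.get("executionRoleArn"), []))
    task_p = allowed_patterns(role_policies.get(task_def.get("taskRoleArn"), []))
    return {a: "execution" if grants(exec_p, a)
            else "task-role-only" if grants(task_p, a) else "missing"
            for a in STARTUP_ACTIONS}

# Constructed sample: ECR access was attached to the task role by mistake.
EXEC_ARN = "arn:aws:iam::111122223333:role/example-execution-role"
TASK_ARN = "arn:aws:iam::111122223333:role/example-task-role"
TASK_DEF = {"family": "example", "executionRoleArn": EXEC_ARN, "taskRoleArn": TASK_ARN}
ROLE_POLICIES = {
    EXEC_ARN: [{"Statement": {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}}],
    TASK_ARN: [{"Statement": [{"Effect": "Allow", "Resource": "*",
                               "Action": ["ecr:*", "dynamodb:UpdateItem"]}]}],
}

if __name__ == "__main__":
    for action, where in audit(TASK_DEF, ROLE_POLICIES).items():
        print(f"{where:15} {action}")
```

An action reported as `task-role-only` is granted to the containers after launch but not to the role used to start the task.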
