By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Need to add ecs:DescribeServices permission to IAM role meta-ordinals-code-deploy but can't edit

0

I got this error while trying to deploy a service.

While creating a deployment group in CodeDeploy, I got this error message for IAM role meta-ordinals-code-deploy:

Could not load ECS service information for cluster: Meta-ordinals, service: meta-ordinals. Cause: User: arn:aws:sts::671892052100:assumed-role/meta-ordinals-code-deploy/20b0af90bd454172a772210b51ed4100 is not authorized to perform: ecs:DescribeServices on resource: arn:aws:ecs:us-east-1:671892052100:service/Meta-ordinals/meta-ordinals because no identity-based policy allows the ecs:DescribeServices action (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: a47bfc46-3b92-40dc-a725-313ac05d0f07; Proxy: null)

ChatGPT says I need to add ecs:DescribeServices to the permissions. I can see the JSON but no edit button.

I am running was root. But don't have the ability to update the policy.

What do I need to do next?

Topics
Developer ToolsSecurity, Identity, & ComplianceContainersDevOps
Tags
AWS CodeDeployAWS Identity and Access ManagementAmazon Elastic Container ServiceDevOpsIAM Policies
Language
English
Daveed
asked 10 months ago400 views
1 Answer
1
Accepted Answer

Hi, what you can do is following: recreate a role that you will fully manage same permissions and policies attached to it than meta-ordinals-code-deploy.

And then you add to it the missing permission ecs:DescribeServices Finally, you update CodeDeploy execution role with the role you just created instead of meta-ordinals-code-deploy. It should then work.

Best, Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content