AWS EventBridge issue when trying to schedule AWS ECS task to process

0

Hello,

I’ve been learning to work with AWS for a while and I’m running into a problem. I created a Docker container, uploaded it to ECR, and made a cluster in ECS from it. When I run a new task manually from this cluster, everything works fine — as expected, I receive an Excel report in S3.

I decided to automate the process by setting up a schedule using EventBridge. However, the schedule didn’t work. After checking with ChatGPT, it turned out that I need to set the Auto-assign public IP field to Enabled, but as shown in the screenshot, I only have the Disabled option.

I double-checked this by running the task manually again, but this time without a public IP, and the result was the same — the task ran, but there was no new version of the Excel report in S3. (This confirmed that the issue is the lack of a public IP.)

I verified with ChatGPT and reviewed all the possible problems it suggested:

Whether the subnets are public

Whether the network mode is awsvpc

IAM permissions

Unfortunately, there’s no change. The Enable option is still missing, and I can’t configure the schedule. When I run the task manually (with a public IP), everything works fine.

I would really appreciate any help, as I’ve exhausted all options — clearly, I’m missing something.

4 Answers
1
Accepted Answer

I think this is a bug in AWS EventBridge Scheduler UI as I can also only see the DISABLED option in the browser (cleared cache and latest version of Chrome). I used a subnet with routing to IGW but no luck. I checked ap-southeast-2 and us-west-2 region and same screen.

Then, I tried selecting "Universal target definition" option that gave a JSON file and edited manually as shown below.

Then, if I deselect "Universal target definition" option, the UI showed the ENABLED option in both IP settings section and in summary page.


EXPERT
answered 8 months ago
1

Based on your description, you're encountering an issue with scheduling an ECS task via EventBridge where the "Auto-assign public IP" option is only showing "Disabled" and not "Enabled".

This is likely related to your network configuration. When using the awsvpc network mode (which is required for Fargate tasks), you need to properly configure the NetworkConfiguration for your task to have internet access.

Here are some key points to consider:

  1. For ECS tasks that need internet access, you have two options:

  • Use public subnets with "Auto-assign public IP" set to ENABLED
  • Use private subnets with a NAT Gateway

  2. Security considerations: Assigning public IPs to ECS tasks can pose security risks. AWS Security Hub actually has a control that flags this as a high-severity issue, as ECS tasks shouldn't be publicly accessible to prevent unintended access to your container applications.

  3. For your EventBridge scheduled task, you need to ensure:

  • The EventBridge IAM role (ecsEventsRole) has the necessary permissions to run ECS tasks
  • The role has the AmazonEC2ContainerServiceEventsRole policy attached
  • If your task uses task execution roles or task roles, the EventBridge role needs iam:PassRole permissions for those roles

Instead of trying to enable public IP assignment, consider:

  • Using private subnets with a NAT Gateway for outbound internet access
  • Ensuring your VPC configuration allows the task to access the required AWS services (like S3) through VPC endpoints if you don't need general internet access

This approach would be more secure while still allowing your scheduled task to function properly and write to S3.
Sources
Amazon ECS EventBridge IAM Role - Amazon Elastic Container Service
EcsParameters - Amazon EventBridge
Security Hub controls for Amazon ECS - AWS Security Hub

answered 8 months ago
EXPERT
reviewed 8 months ago
1

Hello.

I checked my AWS account and confirmed that "Enabled" can be selected from EventBridge Scheduler.
This suggests that there may be a failure to load part of the management console on your PC or browser.
I recommend that you try accessing the site from a different browser or PC.

If you just want to access AWS services from ECS, it is recommended that you use a VPC endpoint as described in the re:Post Agent's AI automated response.

EXPERT
answered 8 months ago
0

Many thanks for the support, issue was fixed!

In the Select target stage, I used Universal target definition and manually changed to Enable. It was still not working, so I decided to check the full code in ChatGPT; it made some corrections (for example, it added "LaunchType": "FARGATE"), I saved the schedule, and this time it works.

It looks like the AWS UI is not optimised for selecting a target and it is better to use code.

answered 8 months ago
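
The fix described in this thread (defining the schedule target in code, with the launch type and the public IP setting stated explicitly) can be checked offline before the schedule is saved. The following is an added example, not code from any of the answers: it builds the `Target` structure that EventBridge Scheduler's `CreateSchedule` API takes for an ECS task and lints it for the settings discussed above. All ARNs, IDs and names are constructed placeholders, and `build_ecs_target` and `lint_ecs_target` are hypothetical helper names.

```python
# Added example (not from the thread). All ARNs and IDs below are constructed placeholders.
SAMPLE = {
    "cluster_arn": "arn:aws:ecs:us-west-2:123456789012:cluster/example-cluster",
    "role_arn": "arn:aws:iam::123456789012:role/example-scheduler-role",
    "task_def_arn": "arn:aws:ecs:us-west-2:123456789012:task-definition/example-report:1",
    "subnets": ["subnet-0example"],
    "security_groups": ["sg-0example"],
}

def build_ecs_target(cluster_arn, role_arn, task_def_arn, subnets,
                     security_groups, assign_public_ip="DISABLED"):
    """Target structure for EventBridge Scheduler's CreateSchedule (templated ECS target)."""
    return {
        "Arn": cluster_arn,    # the ECS cluster the task runs in
        "RoleArn": role_arn,   # role Scheduler assumes; needs ecs:RunTask and iam:PassRole
        "EcsParameters": {
            "TaskDefinitionArn": task_def_arn,
            "TaskCount": 1,
            "LaunchType": "FARGATE",   # stated explicitly, as in the fix above
            "NetworkConfiguration": {"awsvpcConfiguration": {
                "Subnets": list(subnets),
                "SecurityGroups": list(security_groups),
                "AssignPublicIp": assign_public_ip,
            }},
        },
    }

def lint_ecs_target(target):
    """Return {code: message} for the settings this thread identified as failure points."""
    findings = {}
    ecs = target.get("EcsParameters", {})
    if not ecs.get("LaunchType") and not ecs.get("CapacityProviderStrategy"):
        findings["launch-type"] = "LaunchType is not set explicitly"
    vpc = ecs.get("NetworkConfiguration", {}).get("awsvpcConfiguration")
    if not vpc or not vpc.get("Subnets"):
        findings["network"] = "awsvpcConfiguration with at least one subnet is required"
    elif vpc.get("AssignPublicIp", "DISABLED") == "ENABLED":
        findings["public-ip"] = "task gets a public IP; keep security group ingress closed"
    else:
        findings["private-egress"] = ("no public IP: subnets need a NAT gateway or "
                                      "VPC endpoints to reach ECR and S3")
    return findings

# To create the schedule (needs boto3 and credentials; name and expression are placeholders):
# boto3.client("scheduler").create_schedule(
#     Name="example-report", ScheduleExpression="rate(1 day)",
#     FlexibleTimeWindow={"Mode": "OFF"}, Target=build_ecs_target(**SAMPLE))
```
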
