Unable to connect ECS Service to ALB Target Group in separate account

0

I am using the Compliant Framework for Federal and DoD Workloads in AWS GovCloud. I have 3 Mission Application Accounts corresponding to each of my environments (dev, qa, prod). Within each Mission Application Account I have an ECS Service that creates one ECS Fargate Task. I am attempting to use Terraform to configure the ECS Service to connect the Fargate Task to an IP-style Target Group attached to an ALB I have in a separate (Transit) account (I have been able to do this manually already without the ECS Service by just spinning up the Fargate Task on its own and passing the private IP to the Target Group). However, I receive an error saying:

InvalidParameterException: Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions

I attempted to pass in a custom IAM Role that had said permissions but was given this error:

InvalidParameterException: You cannot specify an IAM role for services that require a service linked role.

As Service Linked Roles do not seem to be editable, I am unsure how to provide the proper permissions to my ECS service in my Mission Application Account for the Target Group in my Transit Account.

1 Answer
0

Actually, in the case of ECS, the load balancer/target group should be in the same account in which the ECS cluster exists. It is not possible to share a target group from another account.

AWS
Support Engineer
Answered 1 year ago
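Given the constraint stated in the answer, a useful defensive measure is to have Terraform refuse the configuration at plan time when the target group ARN belongs to a different account than the one the ECS service runs in, rather than surfacing the opaque `InvalidParameterException` at apply time. The following is an added example, not code from the original question or from AWS; the resource names (`aws_ecs_cluster.app`, `aws_ecs_task_definition.app`, `aws_security_group.app`), the `private_subnet_ids` variable and the container name/port are assumptions.

```hcl
# Added example (not from the original post). Resource names and variables are assumed.
variable "target_group_arn" {
  type        = string
  description = "ARN of the IP-type target group the ECS service should register tasks with"
}

variable "private_subnet_ids" {
  type = list(string)
}

data "aws_caller_identity" "current" {}

# Target group ARN format:
#   arn:<partition>:elasticloadbalancing:<region>:<account-id>:targetgroup/<name>/<id>
# Splitting on ":" puts the owning account ID at index 4.
locals {
  target_group_account_id = split(":", var.target_group_arn)[4]
}

resource "aws_ecs_service" "app" {
  name            = "app"
  cluster         = aws_ecs_cluster.app.id          # assumed to exist elsewhere
  task_definition = aws_ecs_task_definition.app.arn # assumed to exist elsewhere
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets         = var.private_subnet_ids
    security_groups = [aws_security_group.app.id]   # assumed to exist elsewhere
  }

  load_balancer {
    target_group_arn = var.target_group_arn
    container_name   = "app"
    container_port   = 8080
  }

  lifecycle {
    # Fail the plan with a clear message if the target group lives in another
    # account: ECS requires the target group to be in the same account as the cluster.
    precondition {
      condition     = local.target_group_account_id == data.aws_caller_identity.current.account_id
      error_message = "The target group ARN is owned by a different AWS account than the one running this ECS service. ECS requires the target group (and its load balancer) to be in the same account as the ECS cluster."
    }
  }
}
```

With a cross-account ARN the plan stops at the precondition; with a same-account target group the service is created normally and the ECS service-linked role can register the Fargate task IPs.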
