There are two roles associated with a Fargate task: The Task Role, and the Task Execution Role.
The Task Execution Role needs all the permissions needed to start the task, including pulling the container image from ECR, obtaining and decrypting any secrets needed to launch the container, and dispatching logs and telemetry data to CloudWatch. The container runtime runs in the Task Execution Role context.
The Task Role, on the other hand, needs all the permissions that are required by the task containers after launch. For example, if your application needs to access S3 or DynamoDB, the Task Role would contain those policies granting access to the application.
So it is important to distinguish those two roles: Task Execution role is used before launch; the Task Role is used after launch. It is possible that you associated the policies with the Task Role instead of the Task Execution role.
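The split described in the answer above can be checked mechanically. This is an added example, not part of the original answer or AWS tooling: it compares two IAM policy documents and reports launch-time actions that the Task Execution Role lacks, flagging those granted on the Task Role instead. The sample policies and the `NEEDED` set are constructed, and the check looks only at `Allow` actions (assumption: `Resource` scoping, conditions and `Deny` statements are ignored).

```python
import fnmatch

# Constructed sample: launch-time actions for a task that pulls from ECR,
# uses the awslogs driver and injects one Secrets Manager secret.
NEEDED = {
    "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer",
    "logs:CreateLogStream", "logs:PutLogEvents", "secretsmanager:GetSecretValue",
}

# Constructed sample policies: the secret permission sits on the wrong role.
EXECUTION_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:*", "logs:CreateLogStream", "logs:PutLogEvents"]}]}
TASK_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetObject", "secretsmanager:GetSecretValue"]}]}

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements (Action may be str or list)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    patterns = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns

def covers(patterns, action):
    """IAM action names are case-insensitive and accept * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(task_role_policy, execution_role_policy, needed):
    """Return (missing_from_execution_role, misplaced_on_task_role)."""
    exec_p = allowed_patterns(execution_role_policy)
    task_p = allowed_patterns(task_role_policy)
    missing = sorted(a for a in needed if not covers(exec_p, a))
    misplaced = sorted(a for a in missing if covers(task_p, a))
    return missing, misplaced

if __name__ == "__main__":
    missing, misplaced = audit(TASK_ROLE_POLICY, EXECUTION_ROLE_POLICY, NEEDED)
    print("missing from execution role:", missing)
    print("granted on task role instead:", misplaced)
```

An empty result from this check only rules out the misplaced-permission case; it says nothing about network reachability of ECR, Secrets Manager or CloudWatch from the task's subnet.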
Thanks, that's a good suggestion but I have been adding permissions to the Task Execution Role. I tested adding PowerUser permissions to the Task Execution Role, and I still have exactly the same error, so I think it's not a permissions issue.
@mhairi, did you get this to work? I'm thinking it is a network issue, but cannot figure it out. Thanks.