【发布时间】:2022-07-25 00:13:27
【问题描述】:
我是 Terraform 的新手,我正在尝试将 Docker 映像从 AWS ECR 部署到 ECS。但是,我收到以下错误。有人可以帮助解决这个问题吗?
ResourceInitializationError: unable to pull secrets or registry auth:
execution resource retrieval failed: unable to retrieve ecr registry
auth: service call has been retried 1 time(s):
AccessDeniedException: User: arn:aws:sts::AccountID:assumed-role/ecsExecution-1/25d077c2af604f4e93feead72a141e3g is not authorized to perform:
ecr:GetAuthorizationToken on resource: *
because no identity-based policy allows the
ecr:GetAuthorizationToken action
status code: 400, request id: 1a1bee4c-5ab6-4b44-bbf8-5586edea6b3g
这是我的代码
# ECS cluster that the Fargate service in this file is placed into.
resource "aws_ecs_cluster" "first-cluster" {
  name = "test-docker-deploy"
}
# Fargate task definition: one nginx container pulled from a private ECR repository.
resource "aws_ecs_task_definition" "first-task" {
  family                   = "first-task"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512

  # ECS uses this role (not the container's own identity) to authenticate to ECR
  # and pull the image; the AccessDeniedException in the error output names a
  # session of this role.
  execution_role_arn = aws_iam_role.Execution_Role.arn

  # The image is referenced by tag. NOTE(review): whether tag immutability is
  # enabled on the repository is not visible here; pinning by digest would make
  # the deployed content unambiguous.
  container_definitions = <<-TASK_DEFINITION
  [
    {
      "name": "first-task",
      "image": "899696473236.dkr.ecr.us-east-1.amazonaws.com/first-repo:nginx-demo",
      "cpu": 256,
      "memory": 512,
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80
        }
      ]
    }
  ]
  TASK_DEFINITION
}
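# Task execution role. ECS assumes it through the trust policy in
# data.aws_iam_policy_document.role_policy to obtain registry credentials and
# pull the container image.
resource "aws_iam_role" "Execution_Role" {
  name               = "ecsExecution-1"
  assume_role_policy = data.aws_iam_policy_document.role_policy.json
}

# The trust policy only says who may assume the role; it grants no permissions.
# With nothing attached, the task fails with "not authorized to perform:
# ecr:GetAuthorizationToken ... no identity-based policy allows" as shown in the
# error output. Attaching the AWS-managed execution policy supplies the ECR pull
# and CloudWatch Logs permissions the agent needs.
#
# Least privilege: the managed policy allows the ECR read actions on all
# repositories. A custom policy can restrict the image-pull actions to this
# repository's ARN; ecr:GetAuthorizationToken itself has to stay on resource "*"
# because it does not support resource-level scoping.
#
# NOTE(review): if the first task starts before this attachment exists it can
# still fail once; a depends_on from the service to this resource avoids that.
resource "aws_iam_role_policy_attachment" "Execution_Role_policy" {
  role       = aws_iam_role.Execution_Role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}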
# Trust (assume-role) policy for the execution role: only the ECS tasks service
# principal may call sts:AssumeRole. This document controls who can assume the
# role and carries no permissions of its own.
data "aws_iam_policy_document" "role_policy" {
  statement {
    effect  = "Allow" # the default, spelled out for readability
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
# Service that keeps one copy of the task running on Fargate.
resource "aws_ecs_service" "first-service" {
  name            = "docker-service"
  launch_type     = "FARGATE"
  desired_count   = 1
  cluster         = aws_ecs_cluster.first-cluster.id
  task_definition = aws_ecs_task_definition.first-task.arn

  network_configuration {
    # NOTE(review): no security_groups are listed, so presumably the VPC's
    # default security group applies; confirm which inbound rules cover port 80.
    subnets = [aws_default_subnet.subnet-a.id]

    # A public IP gives the task a route to ECR from a public subnet without a
    # NAT gateway or VPC endpoints, and also makes the task internet-addressable.
    assign_public_ip = true
  }
}
# Brings the region's default VPC under Terraform management; no arguments are set.
resource "aws_default_vpc" "default" {}
# Default subnet of us-east-1a; the ECS service places its task here.
resource "aws_default_subnet" "subnet-a" {
  availability_zone = "us-east-1a"
}
标签: amazon-web-services terraform amazon-ecs terraform-provider-aws amazon-ecr