【发布时间】:2020-05-07 08:11:40
【问题描述】:
您好,我正在研究 AWS CDK。我正在尝试为我的任务定义创建日志记录。我有以下代码。
logDetail = logs.LogGroup(self, "MerchWebServicesLogGroup", log_group_name="/projects/merchwebserviceslog/apiservices", retention=logs.RetentionDays.SIX_MONTHS, removal_policy=core.RemovalPolicy.DESTROY)
task_definition = ecs.Ec2TaskDefinition(
self, "TaskDef", execution_role=MWSECSTaskExecutionRole)
container = task_definition.add_container(
"mw-service",
image=ecs.ContainerImage.from_registry("187628286232.dkr.ecr.ap-southeast-2.amazonaws.com/location/location-service:latest"),
memory_limit_mib=3072,
logging=ecs.LogDriver.aws_logs(stream_prefix = "mwservice", log_group=logDetail)
)
生成
TaskDef54694570:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Essential: true
Image: 123.dkr.amazonaws.com/location/location-service:latest
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group:
Ref: MerchWebServicesLogGroup94598F8F
awslogs-stream-prefix: mwservice
awslogs-region: ap-southeast-2
Memory: 3072
Name: mw-service
PortMappings:
- ContainerPort: 44319
HostPort: 0
Protocol: tcp
ExecutionRoleArn:
Fn::GetAtt:
- TaskDefExecutionRoleB4775C97
- Arn
Family: locationagentcdkTaskDef1C411958
NetworkMode: bridge
RequiresCompatibilities:
- EC2
TaskRoleArn:
Fn::GetAtt:
- TaskDefTaskRole1EDB4A67
- Arn
TaskDefExecutionRoleB4775C97:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: ecs-tasks.amazonaws.com
Version: "2012-10-17"
Metadata:
aws:cdk:path: location-agent-cdk/TaskDef/ExecutionRole/Resource
TaskDefExecutionRoleDefaultPolicy0DBB737A:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource: "*"
Version: "2012-10-17"
PolicyName: TaskDefExecutionRoleDefaultPolicy0DBB737A
Roles:
- Ref: TaskDefExecutionRoleB4775C97
问题是我不想传递任何 ExecutionRoleArn。如果我通过执行角色 ARN,我开始收到错误“无法初始化日志记录驱动程序”,否则工作正常。有人可以帮我解决这个问题吗?任何帮助,将不胜感激。谢谢
【问题讨论】:
标签: python amazon-ecs amazon-cloudwatch aws-cdk