aws - ECS capacity provider permission

joebegborg07

3/26/23, 3:15 PM

I'm trying out teraform for managing my infrastructure and got into a bit of an issue and I'm not sure what to look for.

I'm attempting to create a capacity provider for my ECS cluster however I'm getting the following error

ClientException: The capacity provider could not be created because you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group

Below are my files:

Launch config and autoscale group creation

resource "aws_launch_configuration" "ecs_launch_configuration" {
    name = "ecs_launch_configuration"
    image_id = "ami-0fe19057e9cb4efd8"
    user_data = "#!/bin/bash\necho ECS_CLUSTER=ecs_cluster >> /etc/ecs/ecs.config"
    security_groups = [aws_security_group.vpc_securityGroup.id]
    iam_instance_profile = aws_iam_instance_profile.iam_role_profile.name
    key_name = "key_pair_name"
    instance_type = "t2.small"
}

resource "aws_autoscaling_group" "ecs_autoScale_group" {
    name                      = "ecs_autoScale_group"
    desired_capacity          = 1
    min_size                  = 1
    max_size                  = 2
    launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
    vpc_zone_identifier = [aws_subnet.vpc_subnet_public.id]
    tag {
        key                 = "AmazonECSManaged"
        value               = true
        propagate_at_launch = true
    }
}

ECS Cluster and capacity provider creation

resource "aws_ecs_cluster" "ecs_cluster"{
    name = "ecs_cluster"
    capacity_providers = [ aws_ecs_capacity_provider.ecs_capacity_provider.name ]
}

resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
    name = "ecs_capacity_provider"
    auto_scaling_group_provider {
        auto_scaling_group_arn = aws_autoscaling_group.ecs_autoScale_group.arn
        managed_scaling {
            maximum_scaling_step_size = 2
            minimum_scaling_step_size = 1
            status                    = "ENABLED"
            target_capacity           = 1
        }
    }
}

I was able to create this from the console's GUI, however only terraform returns this error.

Help would be greatly appreciated.

Thanks in advance.

0 + 0

amazon-web-services

terraform

amazon-ecs

Tim

3/26/23, 8:07 PM

The error message looked pretty clear to me. What identity or role does Terraform use? It doesn't have a permission it needs. "you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group"

Score:0

Server

MLu

3/26/23, 8:08 PM

It sounds like your console GUI user and your CLI user have different permissions. Are you running terraform from some CI/CD pipeline perhaps?

What if you run this terrafotm script from CloudShell (CLI terminal icon in the top-right group of icons, next to account, support, etc)? That will have the same permissions as your GUI user - good way to narrow down if it’s a problem with your TF or with the creds.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: aws - ECS capacity provider permission

TH: aws - การอนุญาตผู้ให้บริการความจุ ECS

RO: aws - permisiunea furnizorului de capacitate ECS

RU: aws — разрешение поставщика емкости ECS

VI: aws - Quyền của nhà cung cấp năng lực ECS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.