I am trying to make a step function that will start an ECS Fargate container with environment variables from the input. Whenever I try to run the function, I get what seems to be an IAM error, but I made a new IAM account with the function, so it should have all of the needed permissions. The account that I am using has nearly full permissions, so I don't know how it could be an IAM issue.

    {
      "Comment": "A description of my state machine",
      "StartAt": "ECS RunTask",
      "States": {
        "ECS RunTask": {
          "Type": "Task",
          "Resource": "arn:aws:states:::ecs:runTask.sync",
          "Parameters": {
            "LaunchType": "FARGATE",
            "TaskDefinition": "arn:aws:ecs:us-east-1:---:task-definition/---",
            "Overrides": {
              "ContainerOverrides": [
                {
                  "Name": "pls work",
                  "Environment": [
                    {
                      "Name": "INPUT",
                      "Value.$": "$.INPUT"
                    }
                  ]
                }
              ]
            }
          },
          "Next": "Success"
        },
        "Success": {
          "Type": "Succeed"
        }
      }
    }

Here is the error that I am running into:
User: arn:aws:sts::---:assumed-role/StepFunctions-MyStateMachine---/--- is not authorized to perform: iam:PassRole on resource: arn:aws:iam::---:role/ecsTaskExecutionRole because no identity-based policy allows the iam:PassRole action (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: ---; Proxy: null)
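
An added example, not part of the original post: it reads an AccessDenied message of the shape shown above, picks out the calling role (the state machine's assumed role, as named in the error), and builds the narrowest statement that would allow the denied `iam:PassRole`. The sample message, account ID, role suffix and function names are constructed; limiting the pass to `ecs-tasks.amazonaws.com` through the `iam:PassedToService` condition key is an assumption about the intended target service.

```python
import json
import re

# Constructed sample in the shape of the error above; the account ID, role
# suffix and session name are made up (the post redacts them as "---").
SAMPLE_ERROR = (
    "User: arn:aws:sts::111122223333:assumed-role/StepFunctions-MyStateMachine-role-example/"
    "session-example is not authorized to perform: iam:PassRole on resource: "
    "arn:aws:iam::111122223333:role/ecsTaskExecutionRole because no identity-based "
    "policy allows the iam:PassRole action (Service: AmazonECS; Status Code: 400; "
    "Error Code: AccessDeniedException)"
)

DENIED = re.compile(
    r"User: (?P<principal>arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"(?P<role>[^/\s]+)/\S+) is not authorized to perform: (?P<action>[\w:*]+) "
    r"on resource: (?P<resource>\S+)"
)


def parse_denial(message):
    """Return who was denied, which action, and on which resource (or None)."""
    m = DENIED.search(message)
    return m.groupdict() if m else None


def passrole_statement(denial, service="ecs-tasks.amazonaws.com"):
    """Build a least-privilege statement for the role that made the call.

    Scopes iam:PassRole to the one role ARN in the error and, through the
    iam:PassedToService condition key, to ECS tasks only (assumed target).
    """
    if denial is None or denial["action"] != "iam:PassRole":
        raise ValueError("not an iam:PassRole denial")
    return {
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": denial["resource"],
        "Condition": {"StringEquals": {"iam:PassedToService": service}},
    }


if __name__ == "__main__":
    d = parse_denial(SAMPLE_ERROR)
    print("attach to role:", d["role"])
    print(json.dumps({"Version": "2012-10-17",
                      "Statement": [passrole_statement(d)]}, indent=2))
```

The generated statement belongs in an identity-based policy on the role named in the `User:` part of the error. If the task definition also sets a task role, ECS checks `iam:PassRole` for that ARN as well.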