AWS Fargate: defining logs in the task definition causes CloudFormation to never complete
Tags: amazon-web-services, amazon-cloudformation, aws-fargate

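I am trying to create my first Fargate cluster and task definition using CloudFormation. If I omit the awslogs section in the cluster definition, the stack completes successfully, but if I add it, the task definition never finishes launching.

Here is the JSON task definition for my play cluster: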

"ECSTaskDefinition" :{
  "Type" : "AWS::ECS::TaskDefinition",
  "Properties" : {
    "Family" : "family",
    "RequiresCompatibilities" : [ "FARGATE" ],
    "Memory" : "8192",
    "Cpu" : "2048",
    "NetworkMode" : "awsvpc",
    "ExecutionRoleArn" : {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },        
    "TaskRoleArn" : {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },
    "ContainerDefinitions" : [ 
      {
        "Name": "test",  
        "Image": "test-image",
        "LogConfiguration": {
          "LogDriver": "awslogs",
          "Options": {
            "awslogs-group": { "Ref": "TestLogGroup"},
            "awslogs-region": "AWS::Region",
            "awslogs-stream-prefix": "ecs"
          }
        },   
        "PortMappings": [
          {
            "HostPort": 8080,
            "Protocol": "tcp",   
            "ContainerPort": 8080
          }
        ],
        "Environment": [
          {
            "Name": "JAVA_OPTS",
            "Value": "config here"
          }
        ]            
      }
    ]
  }
},

And the IAM role I am creating:

"IAMPolicyECSTaskExecution": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName" : "TestName",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
           "ecs:CreateCluster",
           "ecs:DeregisterContainerInstance",
           "ecs:DiscoverPollEndpoint",
           "ecs:Poll",
           "ecs:RegisterContainerInstance",
           "ecs:StartTelemetrySession",
           "ecs:Submit*",
           "ecr:GetAuthorizationToken",
           "ecr:BatchCheckLayerAvailability",
           "ecr:GetDownloadUrlForLayer",
           "ecr:BatchGetImage",
           "logs:CreateLogStream",
           "logs:CreateLogGroup",
           "logs:PutLogEvents",
           "logs:DescribeLogGroups",
           "logs:DescribeLogStreams"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    },
    "Roles" : [ { "Ref" : "InstanceRoleECSTaskExecution" } ]
  }
},

The permissions look fine, if a little open. What am I missing? Could it be the awslogs-stream-prefix configuration?

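You need to use the Ref function to specify the region in awslogs-region under Options, like this: "awslogs-region": { "Ref": "AWS::Region" }. This is because AWS::Region is a parameter, not a string.

Thanks. I couldn't see the wood for the trees. That solved the problem.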