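I am trying to create my first Fargate cluster and task definition using CloudFormation. If I omit the awslogs section from the cluster definition, the stack completes successfully, but if I add it, the task definition never finishes launching.
Here is the task definition for my game cluster, in JSON: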
"ECSTaskDefinition" : {
  "Type" : "AWS::ECS::TaskDefinition",
  "Properties" : {
    "Family" : "family",
    "RequiresCompatibilities" : [ "FARGATE" ],
    "Memory" : "8192",
    "Cpu" : "2048",
    "NetworkMode" : "awsvpc",
    "ExecutionRoleArn" : { "Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },
    "TaskRoleArn" : { "Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"] },
    "ContainerDefinitions" : [
      {
        "Name": "test",
        "Image": "test-image",
        "LogConfiguration": {
          "LogDriver": "awslogs",
          "Options": {
            "awslogs-group": { "Ref": "TestLogGroup" },
            "awslogs-region": "AWS::Region",
            "awslogs-stream-prefix": "ecs"
          }
        },
        "PortMappings": [
          {
            "HostPort": 8080,
            "Protocol": "tcp",
            "ContainerPort": 8080
          }
        ],
        "Environment": [
          {
            "Name": "JAVA_OPTS",
            "Value": "config here"
          }
        ]
      }
    ]
  }
},
And the IAM role I am creating:
"IAMPolicyECSTaskExecution": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName" : "TestName",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "ecs:CreateCluster",
            "ecs:DeregisterContainerInstance",
            "ecs:DiscoverPollEndpoint",
            "ecs:Poll",
            "ecs:RegisterContainerInstance",
            "ecs:StartTelemetrySession",
            "ecs:Submit*",
            "ecr:GetAuthorizationToken",
            "ecr:BatchCheckLayerAvailability",
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents",
            "logs:DescribeLogGroups",
            "logs:DescribeLogStreams"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    },
    "Roles" : [ { "Ref" : "InstanceRoleECSTaskExecution" } ]
  }
},
The permissions look fine, if a little open. What am I missing? Could it be the awslogs-stream-prefix configuration?
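
A pre-deployment check over the two resources posted above, as an added example that is not part of the original post: it flags pseudo parameters written as plain strings (they resolve only through `Ref` or `Fn::Sub`), a task role identical to the execution role, and `Allow` statements on every resource. The rule names and the trimmed `RESOURCES` sample are assumptions made for illustration.

```python
import json
# Constructed sample: a trimmed copy of the two resources from the question.
RESOURCES = json.loads("""{
  "ECSTaskDefinition": {"Type": "AWS::ECS::TaskDefinition", "Properties": {
    "ExecutionRoleArn": {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"]},
    "TaskRoleArn": {"Fn::GetAtt": ["InstanceRoleECSTaskExecution", "Arn"]},
    "ContainerDefinitions": [{"Name": "test", "LogConfiguration": {
      "LogDriver": "awslogs", "Options": {
        "awslogs-group": {"Ref": "TestLogGroup"}, "awslogs-stream-prefix": "ecs",
        "awslogs-region": "AWS::Region"}}}]}},
  "IAMPolicyECSTaskExecution": {"Type": "AWS::IAM::Policy", "Properties": {
    "PolicyDocument": {"Statement": [{
      "Action": ["ecr:GetAuthorizationToken", "logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "*", "Effect": "Allow"}]}}}
}""")

PSEUDO = {"AWS::Region", "AWS::AccountId", "AWS::Partition", "AWS::StackName"}

def walk(node, path=""):
    """Yield (path, value) for every string leaf of a template fragment."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}/{index}")
    elif isinstance(node, str):
        yield path, node

def lint(resources):
    """Return (resource, rule, path) findings; rule names are hypothetical."""
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::ECS::TaskDefinition":
            for path, value in walk(props):
                # A pseudo parameter resolves only through Ref or Fn::Sub;
                # as a plain string it reaches ECS as the literal text.
                if value in PSEUDO and not path.endswith("/Ref"):
                    findings.append((name, "literal-pseudo-parameter", path))
            role = props.get("TaskRoleArn")
            if role is not None and role == props.get("ExecutionRoleArn"):
                findings.append((name, "shared-task-and-execution-role", "/TaskRoleArn"))
        elif res.get("Type") == "AWS::IAM::Policy":
            statements = props.get("PolicyDocument", {}).get("Statement", [])
            for index, stmt in enumerate(statements):
                if stmt.get("Effect") == "Allow" and stmt.get("Resource") == "*":
                    findings.append((name, "allow-on-all-resources", f"/PolicyDocument/Statement/{index}"))
    return findings
```

The `allow-on-all-resources` finding is a prompt to split the statement rather than an error in itself: `ecr:GetAuthorizationToken` cannot be scoped to a resource, while the `logs:` actions can be limited to the task's log group.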