Why am I getting "not authorized to perform: ecs:ListTasks on resource: *" exception on AWS API

Tamir Ohana

I'm trying to get a list of tasks that are running on my ECS environment from the AWS API, but I'm getting the same error all the time:

User: arn:aws:iam::[my_id]:user/[username] is not authorized to perform: ecs:ListTasks on resource: *

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecs:RunTask",
                "ecs:ListTasks",
                "ecs:StartTask",
                "ecs:StopTask"
            ],
            "Resource": [
                "arn:aws:ecs:us-east-1:[my_id]:task/*",
                "arn:aws:ecs:us-east-1:[my_id]:task-definition/*",
                "arn:aws:ecs:us-east-1:[my_id]:cluster/*",
                "arn:aws:ecs:us-east-1:[my_id]:task-set/*/*/*",
                "arn:aws:ecs:us-east-1:[my_id]:container-instance/*",
                "arn:aws:ecs:us-east-1:[my_id]:service/*"
            ]
        }
    ]
}

So as you can see I should access the action with all the available resources. What am I missing?

Thanks.

Arun K

The ListTasks action only supports container instances as the resources, not the cluster ARN. The cluster ARN could only be added as a condition.

The following policy works.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ecs:ListTasks",
            "Resource": "*",
            "Condition": {
                "ArnEquals": {
                    "ecs:cluster": "arn:aws:ecs:ap-southeast-2:[account id]:cluster/MyEcsCluster"
                }
            }
        }
    ]
}

Reference: Actions defined by Amazon Elastic Container Service (check the ListTasks action in this reference)

Hope this helps.
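An added example, not part of the question or the answer above: a simplified offline model of IAM Allow matching, run against both policies from this page for the request named in the error message (`ecs:ListTasks` on resource `*`). The account ID, region, cluster name and the `ecs:cluster` request context are constructed assumptions, and explicit Deny and other policy types are not modelled.

```python
import re

ACCOUNT = "111122223333"  # constructed account id (assumption)
CLUSTER = f"arn:aws:ecs:us-east-1:{ACCOUNT}:cluster/MyEcsCluster"  # constructed

def wild(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def as_list(x):
    return x if isinstance(x, list) else [x]

def allowed(policy, action, resource, context):
    """True if some Allow statement matches action, resource and ArnEquals keys.
    Simplified: no explicit Deny, NotAction/NotResource or other operators."""
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Action names are compared case-insensitively, resources are not.
        if not any(wild(a.lower(), action.lower()) for a in as_list(st["Action"])):
            continue
        if not any(wild(r, resource) for r in as_list(st["Resource"])):
            continue  # the request resource is "*", so an ARN pattern never matches
        conds = st.get("Condition", {}).get("ArnEquals", {})
        if all(k in context and any(wild(v, context[k]) for v in as_list(vals))
               for k, vals in conds.items()):
            return True
    return False  # nothing matched: implicit deny

# Policy from the question: ListTasks scoped to specific ECS ARN patterns.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ecs:RunTask", "ecs:ListTasks", "ecs:StartTask", "ecs:StopTask"],
    "Resource": [f"arn:aws:ecs:us-east-1:{ACCOUNT}:{suffix}" for suffix in (
        "task/*", "task-definition/*", "cluster/*", "task-set/*/*/*",
        "container-instance/*", "service/*")],
}]}

# Policy from the answer: Resource "*" narrowed by the ecs:cluster condition key.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ecs:ListTasks", "Resource": "*",
    "Condition": {"ArnEquals": {"ecs:cluster": CLUSTER}},
}]}

if __name__ == "__main__":
    ctx = {"ecs:cluster": CLUSTER}  # assumed request context for ListTasks
    for name, pol in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        print(name, "policy allows ListTasks on '*':",
              allowed(pol, "ecs:ListTasks", "*", ctx))
```

The condition keeps the answer's policy scoped to one cluster even though `Resource` is `*`, so a `ListTasks` call against any other cluster still falls through to an implicit deny.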
