
I'm trying out Terraform for managing my infrastructure and got into a bit of an issue and I'm not sure what to look for.

I'm attempting to create a capacity provider for my ECS cluster; however, I'm getting the following error:

ClientException: The capacity provider could not be created because you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group

Below are my files:

Launch config and autoscale group creation

resource "aws_launch_configuration" "ecs_launch_configuration" {
    name = "ecs_launch_configuration"
    image_id = "ami-0fe19057e9cb4efd8"
    user_data = "#!/bin/bash\necho ECS_CLUSTER=ecs_cluster >> /etc/ecs/ecs.config"
    security_groups = [aws_security_group.vpc_securityGroup.id]
    iam_instance_profile = aws_iam_instance_profile.iam_role_profile.name
    key_name = "key_pair_name"
    instance_type = "t2.small"
}

resource "aws_autoscaling_group" "ecs_autoScale_group" {
    name                      = "ecs_autoScale_group"
    desired_capacity          = 1
    min_size                  = 1
    max_size                  = 2
    launch_configuration = aws_launch_configuration.ecs_launch_configuration.name
    vpc_zone_identifier = [aws_subnet.vpc_subnet_public.id]
    tag {
        key                 = "AmazonECSManaged"
        value               = true
        propagate_at_launch = true
    }
}

ECS Cluster and capacity provider creation

resource "aws_ecs_cluster" "ecs_cluster"{
    name = "ecs_cluster"
    capacity_providers = [ aws_ecs_capacity_provider.ecs_capacity_provider.name ]
}

resource "aws_ecs_capacity_provider" "ecs_capacity_provider" {
    name = "ecs_capacity_provider"
    auto_scaling_group_provider {
        auto_scaling_group_arn = aws_autoscaling_group.ecs_autoScale_group.arn
        managed_scaling {
            maximum_scaling_step_size = 2
            minimum_scaling_step_size = 1
            status                    = "ENABLED"
            target_capacity           = 1
        }
    }
}

I was able to create this from the console's GUI; however, only Terraform returns this error.

Help would be greatly appreciated.

Thanks in advance.

joebegborg07
  • The error message looked pretty clear to me. What identity or role does Terraform use? It doesn't have a permission it needs. "you do not have autoscaling:CreateOrUpdateTags permissions to create tags on the Auto Scaling group" – Tim Nov 26 '21 at 20:07

1 Answer


It sounds like your console GUI user and your CLI user have different permissions. Are you running Terraform from some CI/CD pipeline perhaps?

What if you run this Terraform script from CloudShell (CLI terminal icon in the top-right group of icons, next to account, support, etc.)? That will have the same permissions as your GUI user - good way to narrow down if it’s a problem with your TF or with the creds.

MLu
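One way to carry out the comparison suggested in the answer above, as an added example that is not part of the original question or answer: run it once in CloudShell and once in the shell (or pipeline) where Terraform runs, and compare the identity and the decision for the action named in the error. The function names are hypothetical; it assumes the AWS CLI is configured and that the caller is allowed to call `iam:SimulatePrincipalPolicy`.

```shell
#!/usr/bin/env bash
# Added example: which identity is in use, and may it tag Auto Scaling groups?

ACTION="autoscaling:CreateOrUpdateTags"   # action named in the error message

# simulate-principal-policy needs an IAM user or role ARN, but
# get-caller-identity returns an STS session ARN for assumed roles.
# Caveat: the session ARN omits any role path, so for a role with a path
# pass the real role ARN to simulate-principal-policy by hand.
to_policy_source_arn() {
    local arn="$1"
    local partition account role
    case "$arn" in
        arn:aws*:sts::*:assumed-role/*)
            partition=$(echo "$arn" | cut -d: -f2)
            account=$(echo "$arn" | cut -d: -f5)
            role=$(echo "$arn" | cut -d/ -f2)
            echo "arn:${partition}:iam::${account}:role/${role}"
            ;;
        *) echo "$arn" ;;   # IAM user ARN: usable as is
    esac
}

# Prints "<policy source ARN> <decision>" and returns 0 only when allowed.
# The decision is one of: allowed, implicitDeny, explicitDeny.
check_action() {
    local caller src decision
    caller=$(aws sts get-caller-identity --query Arn --output text) || return 2
    src=$(to_policy_source_arn "$caller")
    decision=$(aws iam simulate-principal-policy \
        --policy-source-arn "$src" \
        --action-names "$ACTION" \
        --query 'EvaluationResults[0].EvalDecision' --output text) || return 2
    echo "$src $decision"
    [ "$decision" = "allowed" ]
}

# Usage, typed in each environment being compared:
#   check_action
```

If the two environments print different ARNs, or the Terraform one prints `implicitDeny`, the identity Terraform runs as is missing the permission and its IAM policy is what needs changing, not the Terraform files.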