Failed creation of IAM Autoscale role when adding autoscale to a ECS task

Question

I am adding some auto scaling setting to a ECS task

The idea is I will spawn new service when the length of the message queue increase, otherwise decrease

After I put in the definition as defined above, I got the following error message:

Failed creation of IAM Autoscale role

IAM Autoscale role could not create ecsAutoscaleRole: User: arn:aws:iam::796668560264:user/play-admin is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::796668560264:role/ecsAutoscaleRole (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: 44ca4263-4aa3-11e7-b3ad-23809db2c1f6)

I have already followed the instruction here http://docs.aws.amazon.com/AmazonECS/latest/developerguide/autoscale_IAM_role.html to create the role ecsAutoscaleRole, so what is missing?

Question: How can I fix this? I do not want to grant my current IAM user any right to create new IAM users.

score 0 · Answer 1 · answered Jun 07 '17 at 12:57

0

You are choosing to create a new role during service/autoscale configuration.

Simply select existing role that you already created in IAM and it wont attempt to use your user's credentials to create a new role.

answered Jun 07 '17 at 12:57

Andrey

548
2
8

Failed creation of IAM Autoscale role when adding autoscale to a ECS task

1 Answers1