Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33731

iam user is not authorized to perform: ecs:RegisterTaskDefinition on resource: *

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • amazon-ecs-plugin
    • Jenkins version: 1.642.2, plugin version:1.2 (archives) . I use the docker hub to install Jenkins.

    Description

      I want to add a new cloud and and a new slave template. I use the same iam policy showed in the documentation. And I chose the name of the ECS Cluster to "default". when I created a slave template and click save, it showed the JAVA error " Caused by: com.amazonaws.AmazonServiceException: User: arn:aws:iam::040653710277:user/ecs-jenkinsbot is not authorized to perform: ecs:RegisterTaskDefinition on resource: * (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 8b5a6f59-efa5-11e5-bf1e-5fbd8a5dcc6b)]". After I changed the IAM role, problem solved. However, I just want jenkins to ONLY have permissions to register task in my cluster default. So what shall I do?

      Attachments

        Activity

          I had the same issue. This is a mistake in the documentation.

          You should add the following resources in your AWS policy:

          "arn:aws:ecs:<region>:<account-id>:task-definition/jenkins-slave:*"

          I found this by connecting to my instance and using aws ecs commands

          cesartl Cesar Tron-Lozai added a comment - I had the same issue. This is a mistake in the documentation. You should add the following resources in your AWS policy: "arn:aws:ecs:<region>:<account-id>:task-definition/jenkins-slave:*" I found this by connecting to my instance and using aws ecs commands

          People

            cjyxbc juyuan cai
            cjyxbc juyuan cai
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: