Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54886

ECS 1.18 plugin fails to launch slaves (not authorized to perform: iam:PassRole)


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • amazon-ecs-plugin
    • None
    • Jenkins ver. 2.138.3
      amazon-ecs 1.18

      After upgrading to version 1.18 of the Jenkins ECS plugin, containers are no longer spawning on ECS.

      The error that is logged by Jenkins is as follows:

      com.amazonaws.services.ecs.model.AccessDeniedException: User: arn:aws:sts::<redacted>:assumed-role/<redacted> is not authorized to perform: iam:PassRole on resource: arn:aws:iam::<redacted> (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException;

      Downgrading to version 1.17 resolves the issue.

      Did the 1.18 update introduce any required changes to the IAM role?  If so, I do not see any such changes explicitly documented in the release notes.


      Other information

      My Jenkins master is also running in ECS inside the same cluster as the build containers.  My current IAM role is similar to the example role listed in the plugin's wiki page.


            pgarbe Philipp Garbe
            jtancer Jon Tancer
            0 Vote for this issue
            2 Start watching this issue