Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54898

ECS Plugin 1.18 cannot launch slaves



    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • amazon-ecs-plugin
    • None
    • Jenkins 2.138.2
      amazon-ecs 1.18
    • v1.19


      After upgrading from v1.16 to 1.18 of the ECS plugin, no ECS slaves were able to be launched.

      We are using EC2 as the launch type (not fargate).

      The error message in the log is as follows:

      [digital-ci-devops-zv5qp]: Error in provisioning; agent=com.cloudbees.jenkins.plugins.amazonecs.ECSSlave[digital-ci-devops-zv5qp]
      com.amazonaws.services.ecs.model.AccessDeniedException: User: arn:aws:sts::[******]:assumed-role/[******] is not authorized to perform: iam:PassRole on resource: arn:aws:iam::[******]:role/ecsTaskExecutionRole (Service: AmazonECS; Status Code: 400; Error Code: AccessDeniedException; Request ID: [******])
          at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1658)
          at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1322)

      I was able to fix the problem by going into the build slave configuration and changing the field "Task Execution Role ARN" from the default value of "ecsTaskExecutionRole" to "" (empty string).

      However, if an admin opens the jenkins system config, all the build slave configs (20+) will have the "Task Execution Role ARN" field reset back to their default value. If the config is saved, the problem will reoccur

      What I believe is happening is that on v1.18, the plugin is incorrectly applying the task execution role to EC2 launch type slaves (should only be applied to fargate launch type).

      Reverting the plugin back to v1.16 resolved the problem.


        Issue Links


            ajcarter Aidan Carter created issue -
            ccaraivan Costin Caraivan made changes -
            Field Original Value New Value
            Priority Major [ 3 ] Critical [ 2 ]
            drochefort Dominique Rochefort made changes -
            pgarbe Philipp Garbe made changes -
            Assignee Jan Roehrich [ roehrijn2 ] Philipp Garbe [ pgarbe ]
            pgarbe Philipp Garbe made changes -
            Link This issue is duplicated by JENKINS-54886 [ JENKINS-54886 ]
            pgarbe Philipp Garbe made changes -
            Released As v1.19
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
            pgarbe Philipp Garbe made changes -
            Status Fixed but Unreleased [ 10203 ] Resolved [ 5 ]
            pgarbe Philipp Garbe made changes -
            Status Resolved [ 5 ] Closed [ 6 ]


              pgarbe Philipp Garbe
              ajcarter Aidan Carter
              2 Vote for this issue
              6 Start watching this issue