AWS CloudFormation how to Associate IAM Role with ECS Task Definition - 'InvalidParameterException'
I recently switched to I'm attempting to set up After trying multiple solutions online, I still can't figure this out.

I'm trying to create an ECS service using AWS CloudFormation, but I'm running into issues associating an IAM role with my ECS task definition... When I attempt to deploy my stack, I receive an 'InvalidParameterException' behavior, which states that the specified task definition is invalid due to an invalid IAM role ARN.

Here's a simplified version of my CloudFormation YAML:

```yaml
Resources:
  MyTaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: MyEcsTaskExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: MyEcsTaskExecutionPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - ecr:GetAuthorizationToken
                  - ecr:BatchGetImage
                  - ecr:BatchCheckLayerAvailability
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: '*'
  MyTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: MyTaskFamily
      TaskRoleArn: !GetAtt MyTaskExecutionRole.Arn
      ExecutionRoleArn: !GetAtt MyTaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: MyContainer
          Image: my-image:latest
          Memory: 512
          Cpu: 256
          Essential: true
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogGroup
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: ecs
  MyService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref MyCluster
      TaskDefinition: !Ref MyTaskDefinition
      DesiredCount: 1
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets:
            - !Ref SubnetId
          SecurityGroups:
            - !Ref MySecurityGroup
          AssignPublicIp: ENABLED
```

I've double-checked my IAM role permissions to ensure they are correct, and I've also validated that the role is created before the task definition.
I’ve ensured that the `ExecutionRoleArn` and `TaskRoleArn` point to the correct role using `!GetAtt MyTaskExecutionRole.Arn`, but I still get the same behavior. I've also tried hardcoding the ARN to see if that bypasses the behavior, but I still get the same result. Are there any known issues with associating IAM roles in CloudFormation for ECS tasks, or might I be missing a critical configuration detail? Any guidance would be greatly appreciated!

For context: I'm using YAML on Linux. What am I doing wrong? Any ideas what could be causing this? I'm developing on Ubuntu 20.04 with YAML. What's the best practice here? This is part of a larger application I'm building. Any help would be greatly appreciated!
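
An added example, not part of the original post: a pre-deploy check that walks a template's role wiring for ECS task definitions. It verifies that each referenced role trusts `ecs-tasks.amazonaws.com`, flags a single role used as both task role (what the application code receives) and execution role (what the ECS agent uses to pull images and write logs), and checks the task-definition properties Fargate requires. The helper names and the sample dict are assumptions of this example, constructed to mirror the role and service wiring of the template above, and the findings are checks worth running rather than a confirmed diagnosis of the error.

```python
ECS_TASKS = "ecs-tasks.amazonaws.com"
ROLE = {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": ECS_TASKS}}]}}}
ROLE_ARN = {"Fn::GetAtt": ["MyTaskExecutionRole", "Arn"]}
TEMPLATE = {"Resources": {  # constructed sample mirroring the post's template
    "MyTaskExecutionRole": ROLE,
    "MyTaskDefinition": {"Type": "AWS::ECS::TaskDefinition", "Properties": {
        "TaskRoleArn": ROLE_ARN, "ExecutionRoleArn": ROLE_ARN}},
    "MyService": {"Type": "AWS::ECS::Service", "Properties": {
        "TaskDefinition": {"Ref": "MyTaskDefinition"}, "LaunchType": "FARGATE"}}}}

def as_list(v):
    return v if isinstance(v, list) else [v]

def logical_id(v):
    """Logical ID behind {"Ref": X} or {"Fn::GetAtt": [X, attr]}; None for literals."""
    t = (v.get("Ref") or v.get("Fn::GetAtt")) if isinstance(v, dict) else None
    return t.split(".")[0] if isinstance(t, str) else (t[0] if t else None)

def trusts_ecs_tasks(role):
    """True if the trust policy lets ecs-tasks.amazonaws.com assume the role."""
    doc = role.get("Properties", {}).get("AssumeRolePolicyDocument", {})
    return any(st.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(st.get("Action", []))
               and isinstance(pr := st.get("Principal"), dict)
               and ECS_TASKS in as_list(pr.get("Service", []))
               for st in as_list(doc.get("Statement", [])))

def lint(template):
    """Hypothetical pre-deploy check: findings for each AWS::ECS::TaskDefinition."""
    res, out = template.get("Resources", {}), []
    fargate = {logical_id(r["Properties"].get("TaskDefinition"))
               for r in res.values() if r.get("Type") == "AWS::ECS::Service"
               and r.get("Properties", {}).get("LaunchType") == "FARGATE"}
    tds = {n: r.get("Properties", {}) for n, r in res.items()
           if r.get("Type") == "AWS::ECS::TaskDefinition"}
    for name, p in tds.items():
        for key in ("TaskRoleArn", "ExecutionRoleArn"):
            rid = logical_id(p.get(key))
            if rid and not trusts_ecs_tasks(res.get(rid, {})):
                out.append(f"{name}.{key}: {rid} does not trust {ECS_TASKS}")
        if p.get("TaskRoleArn") and p["TaskRoleArn"] == p.get("ExecutionRoleArn"):
            out.append(f"{name}: one role is both task role and execution role")
        if name in fargate:
            need = {"NetworkMode awsvpc": p.get("NetworkMode") == "awsvpc",
                    "RequiresCompatibilities FARGATE":
                        "FARGATE" in as_list(p.get("RequiresCompatibilities", [])),
                    "task-level Cpu": "Cpu" in p, "task-level Memory": "Memory" in p}
            out += [f"{name}: Fargate needs {k}" for k, ok in need.items() if not ok]
    return out
```

Calling `lint(TEMPLATE)` returns a list of finding strings; hardcoded ARN strings are skipped by the trust check because they cannot be resolved inside the template.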