Open bizzbyster opened 8 years ago
yes I definitely see your point... I get the same thing. Anyway, the sample policy shows what needs to be added for s3, but will need to add similar access policy for SQS.
Anyone still maintaining this? I'm running into the same issue. Is there a more robust version of this pattern that has all the bits in working order?
In my case, my ECS Task Role was missing SQS Permissions Policy. After attaching the SQS policy, it's fixed.
I'm trying to understand how this worked. When I run it i'm able to create the SQS task and launch the task but when the ECS task tries to read from the queue it gets the following error, which I have reproduced by logging into the shell script container (after preventing it from exiting):
root@f9910bdcd9d6:/# aws sqs receive-message --queue-url=https://queue.amazonaws.com/831754492748/ecs-test-plepeskaQueue --region=us-east-1
An error occurred (AccessDenied) when calling the ReceiveMessage operation: Access to the resource https://queue.amazonaws.com/ is denied.
And this makes sense b/c although I can see that the ecsInstanceRole has a policy that gives it access to the S3 bucket I can't see where it is given access to the SQS queue.
Has something changed since this worked? Or, is there another reason why access to the queue is denied?