Can not update my existing ECS service to enable execute command

[bugb]

Confirm by changing [ ] to [x] below:

• [x] I've gone though the User Guide and the API reference
• [x] I've searched for previous similar issues and didn't find any solution

Issue is about usage on:

• [x] Service API : I want to update an ECS service to with --enable-execute-command flag
• [ ] CLI : passing arguments or cli configurations.
• [ ] Other/Not sure.

Platform/OS/Hardware/Device What are you running the cli on?

aws-cli/2.2.13 Python/3.8.8 Linux/5.3.0-1023-aws exe/x86_64.ubuntu.18 prompt/off

Describe the question I want to update an ECS service to with --enable-execute-command flag but it is not success.

Logs/output Get full traceback and error logs by adding --debug to the command.

Command:

aws ecs update-service --service my-service --task-definition my-task --enable-execute-command --cluster my-cluster --debug

2021-06-22 11:03:36,575 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.2.13 Python/3.8.8 Linux/5.3.0-1023-aws exe/x86_64.ubuntu.18
2021-06-22 11:03:36,575 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ecs', 'update-service', '--service', 'my-service', '--task-definition', 'bc-admin-api:571', '--enable-execute-command', '--cluster', 'Staging-BC-ECS-Apps-Fargate-C1', '--debug']
2021-06-22 11:03:36,587 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x7f1e65f79670>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x7f1e660f3160>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x7f1e66118af0>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x7f1e66122940>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x7f1e65f450d0>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x7f1e660b8f70>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
2021-06-22 11:03:36,588 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x7f1e65f3c310>
2021-06-22 11:03:36,588 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.2.13/dist/awscli/data/cli.json
2021-06-22 11:03:36,592 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x7f1e65fee1f0>
2021-06-22 11:03:36,592 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x7f1e65feed30>
2021-06-22 11:03:36,592 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x7f1e65feeca0>
2021-06-22 11:03:36,592 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x7f1e65feee50>
2021-06-22 11:03:36,593 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x7f1e65feedc0>
2021-06-22 11:03:36,593 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x7f1e65e5a680>
2021-06-22 11:03:36,593 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.2.13 Python/3.8.8 Linux/5.3.0-1023-aws exe/x86_64.ubuntu.18 prompt/off
2021-06-22 11:03:36,594 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ecs', 'update-service', '--service', 'my-service', '--task-definition', 'my-task', '--enable-execute-command', '--cluster', 'my-cluster', '--debug']
2021-06-22 11:03:36,594 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x7f1e65f79ca0>
2021-06-22 11:03:36,594 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x7f1e669d0c10>
2021-06-22 11:03:36,594 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x7f1e65ea2b80>
2021-06-22 11:03:36,594 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x7f1e669ce0d0>2021-06-22 11:03:36,594 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x7f1e6693a8b0>
2021-06-22 11:03:36,595 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2021-06-22 11:03:36,597 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x7f1e660b8e50>
2021-06-22 11:03:36,597 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x7f1e660edf70>
2021-06-22 11:03:36,610 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.2.13/dist/botocore/data/ecs/2014-11-13/service-2.json
2021-06-22 11:03:36,620 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecs: calling handler <function inject_commands at 0x7f1e65fdd9d0>
2021-06-22 11:03:36,621 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecs: calling handler <function add_waiters at 0x7f1e65f3c310>
2021-06-22 11:03:36,633 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.2.13/dist/botocore/data/ecs/2014-11-13/waiters-2.json
2021-06-22 11:03:36,635 - MainThread - awscli.clidriver - DEBUG - OrderedDict([('cluster', <awscli.arguments.CLIArgument object at 0x7f1e654a2ee0>), ('service', <awscli.arguments.CLIArgument object at 0x7f1e654a2eb0>), ('desired-count', <awscli.arguments.CLIArgument object at 0x7f1e654a2e80>), ('task-definition', <awscli.arguments.CLIArgument object at 0x7f1e654a2f10>), ('capacity-provider-strategy', <awscli.arguments.ListArgument object at 0x7f1e654a2f40>), ('deployment-configuration', <awscli.arguments.CLIArgument object at 0x7f1e654a2f70>), ('network-configuration', <awscli.arguments.CLIArgument object at 0x7f1e654a2fa0>), ('placement-constraints', <awscli.arguments.ListArgument object at 0x7f1e654a2fd0>), ('placement-strategy', <awscli.arguments.ListArgument object at 0x7f1e654b8040>), ('platform-version', <awscli.arguments.CLIArgument object at 0x7f1e654b8070>), ('force-new-deployment', <awscli.arguments.BooleanArgument object at 0x7f1e654b80a0>), ('no-force-new-deployment', <awscli.arguments.BooleanArgument object at 0x7f1e654b80d0>), ('health-check-grace-period-seconds', <awscli.arguments.CLIArgument object at 0x7f1e654b8100>), ('enable-execute-command', <awscli.arguments.BooleanArgument object at 0x7f1e654b8130>), ('no-enable-execute-command', <awscli.arguments.BooleanArgument object at 0x7f1e654b8160>)])
2021-06-22 11:03:36,635 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function add_streaming_output_arg at 0x7f1e65f37280>
2021-06-22 11:03:36,635 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function rename_arg.<locals>._rename_arg at 0x7f1e65ec78b0>
2021-06-22 11:03:36,635 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function add_cli_input_json at 0x7f1e6693f160>
2021-06-22 11:03:36,635 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function add_cli_input_yaml at 0x7f1e6693f430>
2021-06-22 11:03:36,635 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function unify_paging_params at 0x7f1e660f3790>
2021-06-22 11:03:36,647 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.2.13/dist/botocore/data/ecs/2014-11-13/paginators-1.json
2021-06-22 11:03:36,648 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecs.update-service: calling handler <function add_generate_skeleton at 0x7f1e65fe2790>
2021-06-22 11:03:36,648 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecs.update-service: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinput.CliInputJSONArgument object at 0x7f1e654b82b0>>
2021-06-22 11:03:36,648 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecs.update-service: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinput.CliInputYAMLArgument object at 0x7f1e654b82e0>>
2021-06-22 11:03:36,648 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecs.update-service: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7f1e654b8430>>
2021-06-22 11:03:36,650 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.cluster: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,650 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.ecs.update-service: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7f1e66973ee0>
2021-06-22 11:03:36,650 - MainThread - awscli.arguments - DEBUG - Unpacked value of 'Staging-BC-ECS-Apps-Fargate-C1' for parameter "cluster": 'Staging-BC-ECS-Apps-Fargate-C1'
2021-06-22 11:03:36,650 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.service: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,650 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.ecs.update-service: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7f1e66973ee0>
2021-06-22 11:03:36,651 - MainThread - awscli.arguments - DEBUG - Unpacked value of 'my-service' for parameter "service": 'my-service'
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.desired-count: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.task-definition: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.ecs.update-service: calling handler <awscli.argprocess.ParamShorthandParser object at 0x7f1e66973ee0>
2021-06-22 11:03:36,651 - MainThread - awscli.arguments - DEBUG - Unpacked value of 'bc-admin-api:571' for parameter "task_definition": 'bc-admin-api:571'
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.capacity-provider-strategy: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.deployment-configuration: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.network-configuration: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.placement-constraints: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.placement-strategy: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.platform-version: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,651 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.force-new-deployment: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.health-check-grace-period-seconds: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.enable-execute-command: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.cli-input-json: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.cli-input-yaml: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecs.update-service.generate-cli-skeleton: calling handler <awscli.paramfile.URIArgumentHandler object at 0x7f1e656161c0>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecs.update-service: calling handler <bound method CliInputArgument.add_to_call_parameters of <awscli.customizations.cliinput.CliInputJSONArgument object at 0x7f1e654b82b0>>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecs.update-service: calling handler <bound method CliInputArgument.add_to_call_parameters of <awscli.customizations.cliinput.CliInputYAMLArgument object at 0x7f1e654b82e0>>
2021-06-22 11:03:36,652 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecs.update-service: calling handler <bound method GenerateCliSkeletonArgument.generate_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7f1e654b8430>>
2021-06-22 11:03:36,652 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2021-06-22 11:03:36,653 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2021-06-22 11:03:36,653 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2021-06-22 11:03:36,653 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2021-06-22 11:03:36,653 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2021-06-22 11:03:36,654 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
2021-06-22 11:03:36,655 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/aws-cli/v2/2.2.13/dist/botocore/data/endpoints.json
2021-06-22 11:03:36,662 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x7f1e682a64c0>
2021-06-22 11:03:36,664 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.ecs: calling handler <function add_generate_presigned_url at 0x7f1e682d0700>
2021-06-22 11:03:36,669 - MainThread - botocore.endpoint - DEBUG - Setting ecs timeout as (60, 60)
2021-06-22 11:03:36,670 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.ecs.UpdateService: calling handler <function base64_decode_input_blobs at 0x7f1e65ea3310>
2021-06-22 11:03:36,670 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ecs.UpdateService: calling handler <function generate_idempotent_uuid at 0x7f1e682c4550>
2021-06-22 11:03:36,670 - MainThread - botocore.hooks - DEBUG - Event before-call.ecs.UpdateService: calling handler <function inject_api_version_header_if_needed at 0x7f1e6824cdc0>
2021-06-22 11:03:36,670 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=UpdateService) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'X-Amz-Target': 'AmazonEC2ContainerServiceV20141113.UpdateService', 'Content-Type': 'application/x-amz-json-1.1', 'User-Agent': 'aws-cli/2.2.13 Python/3.8.8 Linux/5.3.0-1023-aws exe/x86_64.ubuntu.18 prompt/off command/ecs.update-service'}, 'body': b'{"cluster": "Staging-BC-ECS-Apps-Fargate-C1", "service": "my-service", "taskDefinition": "bc-admin-api:571", "enableExecuteCommand": true}', 'url': 'https://ecs.us-west-2.amazonaws.com/', 'context': {'client_region': 'us-west-2', 'client_config': <botocore.config.Config object at 0x7f1e654b8580>, 'has_streaming_input': False, 'auth_type': None}}
2021-06-22 11:03:36,671 - MainThread - botocore.hooks - DEBUG - Event request-created.ecs.UpdateService: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7f1e654b84f0>>
2021-06-22 11:03:36,671 - MainThread - botocore.hooks - DEBUG - Event choose-signer.ecs.UpdateService: calling handler <function set_operation_specific_signer at 0x7f1e682c4430>
2021-06-22 11:03:36,671 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2021-06-22 11:03:36,671 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/

content-type:application/x-amz-json-1.1
host:ecs.us-west-2.amazonaws.com
x-amz-date:20210622T110336Z
x-amz-target:AmazonEC2ContainerServiceV20141113.UpdateService

content-type;host;x-amz-date;x-amz-target
dc8b5611f482d74dabe4f9f470445783b137872a984b0d4b16fd3d21d1e504e4
2021-06-22 11:03:36,671 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20210622T110336Z
20210622/us-west-2/ecs/aws4_request
c5dbd67dafa7aa28cb6103fd98934b9310de3bf4b29e7bcf14edc6eaef6fc651
2021-06-22 11:03:36,671 - MainThread - botocore.auth - DEBUG - Signature:
668b27d1d503825930052ce56ca5b1d961133b19cc70e6f4a788afc60be42e02
2021-06-22 11:03:36,672 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ecs.us-west-2.amazonaws.com/, headers={'X-Amz-Target': b'AmazonEC2ContainerServiceV20141113.UpdateService', 'Content-Type': b'application/x-amz-json-1.1', 'User-Agent': b'aws-cli/2.2.13 Python/3.8.8 Linux/5.3.0-1023-aws exe/x86_64.ubuntu.18 prompt/off command/ecs.update-service', 'X-Amz-Date': b'20210622T110336Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIATHTZNNWSJ4YQ237X/20210622/us-west-2/ecs/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=668b27d1d503825930052ce56ca5b1d961133b19cc70e6f4a788afc60be42e02', 'Content-Length': '190'}>
2021-06-22 11:03:36,672 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/v2/2.2.13/dist/botocore/cacert.pem
2021-06-22 11:03:36,672 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): ecs.us-west-2.amazonaws.com:443
2021-06-22 11:03:37,393 - MainThread - urllib3.connectionpool - DEBUG - https://ecs.us-west-2.amazonaws.com:443 "POST / HTTP/1.1" 400 194
2021-06-22 11:03:37,394 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amzn-RequestId': '284fb2c1-c28b-4a2f-a4d0-39a106ce1cce', 'Content-Type': 'application/x-amz-json-1.1', 'Content-Length': '194', 'Date': 'Tue, 22 Jun 2021 11:03:36 GMT', 'Connection': 'close'}
2021-06-22 11:03:37,394 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"__type":"InvalidParameterException","message":"The service couldn\'t be updated because a valid taskRoleArn is not being used. Specify a valid task role in your task definition and try again."}'
2021-06-22 11:03:37,396 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amzn-RequestId': '284fb2c1-c28b-4a2f-a4d0-39a106ce1cce', 'Content-Type': 'application/x-amz-json-1.1', 'Content-Length': '194', 'Date': 'Tue, 22 Jun 2021 11:03:36 GMT', 'Connection': 'close'}
2021-06-22 11:03:37,396 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"__type":"InvalidParameterException","message":"The service couldn\'t be updated because a valid taskRoleArn is not being used. Specify a valid task role in your task definition and try again."}'
2021-06-22 11:03:37,396 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ecs.UpdateService: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7f1e65246190>>
2021-06-22 11:03:37,396 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2021-06-22 11:03:37,396 - MainThread - botocore.hooks - DEBUG - Event after-call.ecs.UpdateService: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7f1e654b8eb0>>
2021-06-22 11:03:37,397 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "awscli/clidriver.py", line 459, in main
  File "awscli/clidriver.py", line 594, in __call__
  File "awscli/clidriver.py", line 770, in __call__
  File "awscli/clidriver.py", line 901, in invoke
  File "awscli/clidriver.py", line 913, in _make_client_call
  File "botocore/client.py", line 278, in _api_call
  File "botocore/client.py", line 597, in _make_api_call
botocore.errorfactory.InvalidParameterException: An error occurred (InvalidParameterException) when calling the UpdateService operation: The service couldn't be updated because a valid taskRoleArn is not being used. Specify a valid task role in your task definition and try again.

An error occurred (InvalidParameterException) when calling the UpdateService operation: The service couldn't be updated because a valid taskRoleArn is not being used. Specify a valid task role in your task definition and try again.

[stobrien89]

Hi @bugb,

Thanks for reaching out! I tried this as well and received the same error message. However, after creating a new task definition revision and selecting a Task Role, it worked. This can be done in the console by selecting your task definition and clicking on the Create new revision option, or in the CLI by using the register-task-definition command.

Hope this helps!

[ns-ajith]

If we want to update for --enable-execute-command which is currently not supported from AWS Management Console

[CodaBool]

Issue is closed but for anyone else coming here from google

You need to provide a "Task role" for a Task Definition (this is different than the "Task execution role"). This can be done by first going to IAM

IAM role creation

1. IAM > roles > create role
2. custom trust policy > copy + paste

   {
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Principal": {
               "Service": "ecs-tasks.amazonaws.com"
           },
           "Action": "sts:AssumeRole"
       }
   ]
   }

3. Add permission > Create Policy
4. JSON > replace YOUR_REGION_HERE & YOUR_ACCOUNT_ID_HERE & CLUSTER_NAME > copy + paste

   {
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "ssmmessages:CreateControlChannel",
               "ssmmessages:CreateDataChannel",
               "ssmmessages:OpenControlChannel",
               "ssmmessages:OpenDataChannel"
           ],
           "Resource": "*"
       },
       {
           "Effect": "Allow",
           "Action": [
               "logs:DescribeLogGroups"
           ],
           "Resource": "*"
       },
       {
           "Effect": "Allow",
           "Action": [
               "logs:CreateLogStream",
               "logs:DescribeLogStreams",
               "logs:PutLogEvents"
           ],
           "Resource": "arn:aws:logs:YOUR_REGION_HERE:YOUR_ACCOUNT_ID_HERE:log-group:/aws/ecs/CLUSTER_NAME:*"
       }
   ]
   }

5. Give it a name
6. go back to Add permissions > search by name > check > Next
7. Give a role name > create role

ECS new task

1. go back to ECS > go to task definition and create a new revision
2. select your new role for "Task role" (different than "Task execution role") > update Task definition
3. go to your service > update > ensure revision is set to latest > finish update of the service
4. current task and it should auto provision your new task with its new role.
5. try again

Commands I used to exec in

enables execute command

aws ecs update-service --cluster CLUSTER_NAME --service SERVICE_NAME --region REGION --enable-execute-command --force-new-deployment

adds ARN to environment for easier cli. Does assume only 1 task running for the service, otherwise just manually go to ECS and grab arn and set them for your cli

TASK_ARN=$(aws ecs list-tasks --cluster CLUSTER_NAME --service SERVICE_NAME --region REGION --output text --query 'taskArns[0]')

see the task,

aws ecs describe-tasks --cluster CLUSTER_NAME --region REGION --tasks $TASK_ARN

exec in

aws ecs execute-command --region REGION --cluster CLUSTER_NAME --task $TASK_ARN --container CONTAINER --command "sh" --interactive

[mafeifan]

option2: if you are using jetbrains IDE, install plugin https://docs.aws.amazon.com/toolkit-for-jetbrains/latest/userguide/welcome.html

this plugin will help you to enables execute command and exec in

[inspiraller]

Thanks. I followed above and still got error. This was because I had an error in my event log on the service task.

Fix any and all event log errors first. It doesn't matter what the error is, even if it's a warning. In my case it was trying to connect to a port which my ec2 instance was also using - 80. I had to set my hostPort to 0 in the task definition. This fixed the error.

Ensure describe-tasks enableExecute is true echo aws ecs describe-tasks --cluster $project_repo --region $REGION --tasks $taskARN --query="tasks[].enableExecuteCommand" --output text

Then I was able to see the tasks[].enableExecute=true. I can then: ecs execute-command successfully.

What commands can I run?

• Just echo and ls.

If I want to run sh commands I have to run it like this: aws ecs execute-command --region $REGION --cluster $project_repo --task $taskARN --container $project_repo --interactive --command "/bin/sh -c 'cd /bin && ls'"

Ideally the solution though is to export the path.