hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

error task definition #32963

Open kollinnbenv opened 1 year ago

kollinnbenv commented 1 year ago

Description

# aws_ecs_task_definition.task_mira:
resource "aws_ecs_task_definition" "task_keycloak" {

  cpu                      = "512"
  family                   = "${local.service}-keycloak-service"
  memory                   = "1024"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  tags                     = {}
  tags_all                 = {}

  # aws_ecs_task_definition.task_mira:
  container_definitions = jsonencode(
    [
      {
        "logConfiguration" : {
          "logDriver" : "awslogs",
          "options" : {
            "awslogs-group" : "/ecs/${terraform.workspace}-keycloak",
            "awslogs-region" : "sa-east-1",
            "awslogs-stream-prefix" : "ecs"
          }
        },
        "portMappings" : [
          {
            "hostPort" : 8080,
            "protocol" : "tcp",
            "containerPort" : 8080
          }
        ],
        "cpu" : 1024,
        "environment" : [
          {
            "name" : "DB_VENDOR",
            "value" : "mysql"
          },
          {
            "name" : "DB_USER",
            "value" : "keycloak"
          },
          {
            "name" : "DB_ADDR",
            "value" : "${data.aws_db_instance.database_endpoint.endpoint}"
          },
          {
            "name" : "DB_PORT",
            "value" : "6392"
          },
          {
            "name" : "DB_DATABASE",
            "value" : "keycloak"
          },
          {
            "name" : "KEYCLOAK_USER",
            "value" : "admin"
          },
          {
            "name" : "JGROUPS_DISCOVERY_PROTOCOL",
            "value" : "JDBC_PING"
          },
          {
            "name" : "JGROUPS_DISCOVERY_PROPERTIES",
            "value" : "datasource_jndi_name=java:jboss/datasources/KeycloakDS,info_writer_sleep_time=500,remove_old_coords_on_view_change=true"
          },
          {
            "name" : "PROXY_ADDRESS_FORWARDING",
            "value" : "true"
          },
        ],
        "secrets" : [
          {
            "name" : "DB_PASSWORD",
            "valueFrom" : "arn:....................."
          },
          {
            "name" : "KEYCLOAK_PASSWORD",
            "valueFrom" : "arn:................."
          }
        ],
        "dockerSecurityOptions" : null,
        "memory" : null,
        "memoryReservation" : 2048,
        "name" : "prd-container-mira-keycloak"
      }
    ],
  )

}

ERROR:

 Error: creating ECS Task Definition (wac-tpsf-keycloak-service): ClientException: When you are specifying container secrets, you must also specify a value for 'executionRoleArn'.
│
│   with aws_ecs_task_definition.task_keycloak,
│   on task_ecs.tf line 5, in resource "aws_ecs_task_definition" "task_keycloak":
│    5: resource "aws_ecs_task_definition" "task_keycloak" {

References

No response

Would you like to implement a fix?

None

mdabrar-pv commented 1 year ago

This is not a bug. You should add an execution role in the task definition. For example:

execution_role_arn = "arn:aws:iam::YOUR_ACCOUNT_ID:role/YOUR_EXECUTION_ROLE_NAME"

justinretzolk commented 1 year ago

Hey @kollinnbenv 👋 As mentioned above, this looks like you need to add a value to the aws_ecs_task_definition resource's execution_role_arn argument. Can you try that and verify that it resolves your issue?
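An added example, not part of the thread and not the provider's own code: one way to create the execution role that the replies above refer to, scoped to only the secrets the container injects. It assumes the two `valueFrom` ARNs (elided in the issue) are Secrets Manager secrets; the variable, role and policy names are hypothetical.

```hcl
# Added example. All names below are placeholders, not taken from the issue.

variable "keycloak_secret_arns" {
  description = "ARNs referenced by the task's secrets block (assumed to be Secrets Manager secrets)"
  type        = list(string)
}

# Trust policy: only the ECS tasks service may assume the execution role.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "keycloak_execution" {
  name               = "keycloak-task-execution" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

# Image pull and awslogs permissions (AWS managed policy).
resource "aws_iam_role_policy_attachment" "execution_base" {
  role       = aws_iam_role.keycloak_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# Least privilege: the role can read only the secrets listed in the variable,
# not every secret in the account.
data "aws_iam_policy_document" "read_keycloak_secrets" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = var.keycloak_secret_arns
  }
}

resource "aws_iam_role_policy" "read_keycloak_secrets" {
  name   = "read-keycloak-secrets" # hypothetical name
  role   = aws_iam_role.keycloak_execution.id
  policy = data.aws_iam_policy_document.read_keycloak_secrets.json
}

# In the task definition from the issue, add this argument next to "family":
#   execution_role_arn = aws_iam_role.keycloak_execution.arn
```

If the ARNs point at SSM Parameter Store parameters instead, the action to grant is `ssm:GetParameters`, and secrets encrypted with a customer managed KMS key also need `kms:Decrypt` on that key.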