Closed digilist closed 2 years ago
Hi @digilist, thank you for using 7777!
This is a very interesting bug report. The Service Linked Role is something that has to be set up only once per AWS account; maybe all of our previous users already had this properly working. The documentation about AWS Service Linked Role for ECS can be found here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html
I will try to reproduce this issue by using an AWS account without the service linked role and see if CloudFormation would automatically provision the service linked role. If that is the case, maybe all we need is to add "iam:CreateServiceLinkedRole" to the permission documentation.
As a quick workaround, you may go to ECS and create a new cluster using the AWS Console. The Console Wizard will automatically create the service linked role for ECS upon first action. Even if you delete the manually-created Cluster, the Service Linked Role will still be present in your account.
Tried adding the permissions "iam:CreateServiceLinkedRole" in the policy (at the Allow bit), and did an uninstall of 7777, that solved it for us at least 👍🏻 !
Might be worth adding to documentation so this can be closed.
Thanks @LasseRafn for confirming, I've documented it in https://github.com/whilenull/7777-support/commit/24f11aba2463c2456e79e1a8f99e859cc3aa2a63
Hey, I just ran into this error when I tried out 7777 for the first time:
I am using 7777 with a separate user and used the permissions provided here. With those permissions it's not possible to create the service linked role.
So, I don't know if 7777 would create the service linked role automatically or not if it would be allowed to do it.
But it would be great if there can be some explanation about how to fix this (if permissions cannot/should not be extended to set this up automatically). Took me a few minutes to figure this out ;-)
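An added example, not part of the thread or the project's documentation: a small check that reports whether an IAM policy document grants `iam:CreateServiceLinkedRole` at all and, if so, whether the grant is limited to ECS through the `iam:AWSServiceName` condition key. The three policy documents are constructed samples, not the permissions the project publishes, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

ACTION = "iam:createservicelinkedrole"  # IAM action names are case-insensitive
ECS = "ecs.amazonaws.com"

# Constructed sample policies (assumptions, not the project's published policy).
SCOPED = {"Statement": [{
    "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole",
    "Resource": "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS*",
    "Condition": {"StringLike": {"iam:AWSServiceName": ECS}}}]}
BROAD = {"Statement": {"Effect": "Allow", "Action": ["ecs:*", "iam:*"], "Resource": "*"}}
MISSING = {"Statement": [{"Effect": "Allow", "Action": ["ecs:*", "cloudformation:*"],
                          "Resource": "*"}]}

def _as_list(value):
    # IAM JSON allows a single value or a list in most places.
    return value if isinstance(value, list) else [value]

def _grants(stmt):
    # Only Allow statements with an Action element are considered (NotAction is ignored).
    if stmt.get("Effect") != "Allow" or "Action" not in stmt:
        return False
    return any(fnmatchcase(ACTION, a.lower()) for a in _as_list(stmt["Action"]))

def _limited_to_ecs(stmt):
    # True when a string condition pins iam:AWSServiceName to the ECS principal only.
    for operator, keys in stmt.get("Condition", {}).items():
        if operator not in ("StringEquals", "StringLike"):
            continue
        for key, value in keys.items():
            if key.lower() == "iam:awsservicename":
                return all(v == ECS for v in _as_list(value))
    return False

def classify(policy):
    """Return 'absent', 'scoped' (ECS only) or 'broad' (any service-linked role)."""
    verdict = "absent"
    for stmt in _as_list(policy["Statement"]):
        if _grants(stmt):
            if not _limited_to_ecs(stmt):
                return "broad"
            verdict = "scoped"
    return verdict

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("BROAD", BROAD), ("MISSING", MISSING)):
        print(name, classify(doc))
```

A result of `absent` corresponds to the situation reported in this thread, where the deploying user cannot create the service linked role; `broad` means the user could create service linked roles for services other than ECS.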