Failed to run Fargate tasks occur due to an AWS Lambda AccessDeniedException. #162

Closed
soudegesu opened this issue Feb 17, 2024 · 2 comments
soudegesu commented Feb 17, 2024

Describe the bug
When running test cases, Failed to run Fargate tasks is displayed, and tests are not executed.

To Reproduce

  1. Download CloudFormation template from here. This template is published on Distributed Load Testing on AWS as AWS solution library.
  2. Provision AWS resources with CloudFormation template.
  3. Activate initial account.
  4. Setup test case and execute it.
  5. Failed test with message Failed to run Fargate tasks

Expected behavior

  • Start to execute test case

Please complete the following information about the solution:

  • Version: [e.g. v1.1.0]
    • v3.2.5
  • Region: [e.g. us-east-1]
    • ap-northeast-1
  • Was the solution modified from the version published on this repository?
    • No
  • If the answer to the previous question was yes, are the changes available on GitHub?
  • Have you checked your service quotas for the services this solution uses?
    • Yes
  • Were there any errors in the CloudWatch Logs?
    • Yes. The execution log of AWS Lambda named LoadTesting-DLTLambdaFunctionTaskRunnerXXX outputs error message as follows.
ERROR AccessDeniedException: User: arn:aws:sts::xxxxxxxxx:assumed-role/LoadTesting-DLTLambdaFunctionDLTTestLambdaTaskRole1-NBm9N9xIFI6W/LoadTesting-DLTLambdaFunctionTaskRunnerAAAD9171-18Tw38j9u4Rq is not authorized to perform: ecs:TagResource on resource: arn:aws:ecs:ap-northeast-1:xxxxxxxx:task/LoadTesting/* because no identity-based policy allows the ecs:TagResource action

Screenshots
failed_to_run

Additional context
When I add ecs:TagResource action to DLTLambdaFunctionDLTTestLambdaTaskRoleXXX IAM Role, I can start to execute test case.

@soudegesu soudegesu added the bug Something isn't working label Feb 17, 2024
@kamyarz-aws kamyarz-aws self-assigned this Feb 20, 2024
@kamyarz-aws
Member

We are on top of this. In the meantime, to unblock yourself, you can go to your account and add ecs:tagResource. You can locate your DLTTestLambdaTaskRole from your CloudFormation template and add the said action to your TaskLambdaPolicy.

@kamyarz-aws kamyarz-aws added the triaged The issue has been triaged and is valid label Feb 22, 2024
@iut62elec

Yes, thanks. I can confirm adding the below to TaskLambdaPolicy made it work.
```json
{
  "Action": "ecs:TagResource",
  "Resource": "*",
  "Effect": "Allow"
}
```
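A check for the failure in this thread, as an added example (not code from the project or from any commenter): it flags a policy that allows `ecs:RunTask` without `ecs:TagResource`, and flags the `"Resource": "*"` workaround as broader than needed. The function names and sample policies are constructed, `ACCOUNT_ID` is a placeholder, and the scoped statement (task ARN pattern from the error message plus the `ecs:CreateAction` condition key) is an assumption about how one might narrow the grant.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allow_statements(policy, action):
    """Allow statements whose Action patterns match `action` (case-insensitive, like IAM)."""
    return [s for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and any(fnmatch.fnmatchcase(action.lower(), p.lower())
                    for p in _as_list(s.get("Action", [])))]

def audit_task_runner_policy(policy):
    """Simplified check: ignores Deny, NotAction and other attached policies."""
    if not allow_statements(policy, "ecs:RunTask"):
        return []  # this policy does not launch tasks, nothing to check
    tag_stmts = allow_statements(policy, "ecs:TagResource")
    if not tag_stmts:
        return ["MISSING: ecs:RunTask is allowed but ecs:TagResource is not"]
    return ["BROAD: ecs:TagResource on Resource '*' with no Condition"
            for s in tag_stmts
            if "*" in _as_list(s.get("Resource", [])) and "Condition" not in s]

# Constructed sample policies; ACCOUNT_ID is a placeholder.
RUN_TASK = {"Effect": "Allow", "Action": "ecs:RunTask", "Resource": "*"}
ORIGINAL = {"Version": "2012-10-17", "Statement": [RUN_TASK]}
WORKAROUND = {"Version": "2012-10-17", "Statement": [
    RUN_TASK,
    {"Action": "ecs:TagResource", "Resource": "*", "Effect": "Allow"},  # as posted above
]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    RUN_TASK,
    {"Effect": "Allow", "Action": "ecs:TagResource",
     # task ARN pattern taken from the error message in the issue
     "Resource": "arn:aws:ecs:ap-northeast-1:ACCOUNT_ID:task/LoadTesting/*",
     # only permit tagging as part of a RunTask call
     "Condition": {"StringEquals": {"ecs:CreateAction": "RunTask"}}},
]}

if __name__ == "__main__":
    for name, pol in [("original", ORIGINAL), ("workaround", WORKAROUND), ("scoped", SCOPED)]:
        print(name, audit_task_runner_policy(pol) or "ok")
```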

tabdunabi added a commit that referenced this issue Mar 6, 2024

### Changed

- Updated version of chartjs from v3.0.0 to v4
- Updated version of react from v17 to v18
- Updated version of react-dom from v17 to v18
- Removed moment.js as the library was in maintenance mode. Replaced with built-in JavaScript date and time
- Updated JMeter dependencies and taurus dependencies within the docker image to enhance the security of the docker image
- Updated taurus version from v1.16.27 to v1.16.29

### Fixed

- Bug fix to resolve issue with graph not showing on scheduled tests [#158](#158)
- Bug fix created by changes of the ECS account setting and enabling Tag Resource Authorization as default settings [#162](#162)
- Bug fix to resolve issue with running the tests on OPT-IN regions [#163](#163)