https://prefect.io logo
Title
g

Gintautas Jankus

03/10/2023, 1:22 PM
Hi everyone, I thought to ask about issue regarding prefect 2 giving ec2:DescribeVpcs permission to ECStask infrastructure block. I would like to avoid giving this extra permission and I found Anna’s solution here https://discourse.prefect.io/t/why-the-ec2-describevpcs-aws-iam-policy-is-needed-on-ecstask-even-when-vpc-id-is-explicitly-provided/2062 but unfortunately when I try to deploy and run flow I am still getting error that I need this permission. Only thing I see different how I build ECStask block is that I am using task_definition_arn instead of registering new task definition, but I guess that's not the reason why I am getting error. Maybe someone have some ideas why this error is still appearing ?:)
Here is example how I build ECStask block:
testing_block = ECSTask(
    task_definition_arn="arn:aws:ecs:eu-central-1:123456789:task-definition/test_task:1",
    vpc_id="vpc-123456789",
    cluster="test-cluster",
    task_customizations=[
        {
            "op": "replace",
            "path": "/networkConfiguration/awsvpcConfiguration/assignPublicIp",
            "value": "DISABLED",
        },
        {
            "op": "add",
            "path": "/networkConfiguration/awsvpcConfiguration/subnets",
            "value": ["subnet-12345"],
        },
    ],
)
testing_block.save("testing-block")
Also maybe worth mentioning that I am using latest prefect-aws-0.2.4 on prefect 2 agent