Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
geo-japan
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
g
Gintautas Jankus
03/10/2023, 1:22 PMHi everyone, I thought to ask about issue regarding prefect 2 giving ec2:DescribeVpcs permission to ECStask infrastructure block. I would like to avoid giving this extra permission and I found Anna’s solution here https://discourse.prefect.io/t/why-the-ec2-describevpcs-aws-iam-policy-is-needed-on-ecstask-even-when-vpc-id-is-explicitly-provided/2062 but unfortunately when I try to deploy and run flow I am still getting error that I need this permission. Only thing I see different how I build ECStask block is that I am using task_definition_arn instead of registering new task definition, but I guess that's not the reason why I am getting error. Maybe someone have some ideas why this error is still appearing ?:)
Here is example how I build ECStask block:
testing_block = ECSTask(
task_definition_arn="arn:aws:ecs:eu-central-1:123456789:task-definition/test_task:1",
vpc_id="vpc-123456789",
cluster="test-cluster",
task_customizations=[
{
"op": "replace",
"path": "/networkConfiguration/awsvpcConfiguration/assignPublicIp",
"value": "DISABLED",
},
{
"op": "add",
"path": "/networkConfiguration/awsvpcConfiguration/subnets",
"value": ["subnet-12345"],
},
],
)
testing_block.save("testing-block")Also maybe worth mentioning that I am using latest prefect-aws-0.2.4 on prefect 2 agent