@Marvin I’m trying to create an ECSWorker but I run into this error

botocore.errorfactory.AccessDeniedException: An error occurred (AccessDeniedException) when calling the RegisterTaskDefinition operation: User: arn:aws:sts::533267159907:assumed-role/ecsTaskExecutionRole/77436a8d9a854e28a6bb29bff23ee53d is not authorized to perform: ecs:RegisterTaskDefinition on resource: arn:aws:ecs:eu-north-1:533267159907:task-definition/prefect:* because no identity-based policy allows the ecs:RegisterTaskDefinition action

It appears that the specific error you're encountering does not have open issues on the Prefect GitHub repository. However, the error message you provided gives a clear indication of what the issue might be. The error indicates that the IAM role (

ecsTaskExecutionRole

) you're using does not have the necessary permissions to perform the

ecs:RegisterTaskDefinition

action for the resources within the specified AWS account and region. To resolve this issue, you should review and update the IAM policy attached to the

ecsTaskExecutionRole

to include permissions for

ecs:RegisterTaskDefinition

. Make sure that the policy allows actions on the resource

arn:aws:ecs:eu-north-1:533267159907:task-definition/prefect:*

. Here is an example policy statement that allows the required action:

json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ecs:RegisterTaskDefinition",
            "Resource": "arn:aws:ecs:eu-north-1:533267159907:task-definition/prefect:*"
        }
    ]
}

Remember to replace the AWS account ID and region with your values if they are different. Once you've updated the IAM policy, try creating the ECSWorker again. If you are unsure about editing or creating IAM policies, you should refer to the AWS IAM User Guide. Always handle IAM permissions with care, ensuring you follow the principle of least privilege to maintain security within your AWS environment.