Lana Dann
11/23/2021, 7:45 PM"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteSecurityGroup"
Anna Geller
11/23/2021, 8:08 PMLana Dann
11/23/2021, 8:11 PMlogs:*
permissions from the task policy? (also to clarify i don’t have any issues using the provided execution role policy, i just need to scope down the task role policy)Anna Geller
11/23/2021, 8:17 PMLana Dann
11/23/2021, 10:07 PMECSRun
and just pass in the ARN of the task definition and register our flow of one task (and that one task is just running the ECS task). but what if i want to define a dependency between two separate ECS tasks with separate task definitions? when one finishes, i’d like to run the second.
also, how can i create a flow that uses two different agents depending on the task?Anna Geller
11/23/2021, 10:13 PMfrom prefect import Flow
from prefect.tasks.prefect import create_flow_run, wait_for_flow_run
from prefect.storage import S3
from prefect.run_configs import ECSRun
STORAGE = S3(
bucket="your_bucket_name",
key="flows/parent_flow.py",
stored_as_script=True,
local_script_path="parent_flow.py",
)
with Flow(
"parent_flow",
storage=STORAGE,
run_config=ECSRun(
labels=["prod"],
task_definition_path="<s3://bucket/flow_task_definition.yaml>",
run_task_kwargs=dict(cluster="prefectEcsCluster"),
),
) as flow:
child_flow_id = create_flow_run(
flow_name="child-flow-name",
project_name="child-flow-project",
run_config=ECSRun(
labels=["dev"],
task_role_arn="arn:aws:iam::XXXX:role/prefectTaskRole",
execution_role_arn="arn:aws:iam::XXXX:role/prefectECSAgentTaskExecutionRole",
image="<http://XXXX.dkr.ecr.us-east-1.amazonaws.com/image_name:latest|XXXX.dkr.ecr.us-east-1.amazonaws.com/image_name:latest>",
run_task_kwargs=dict(cluster="prefectEcsCluster"),
),
)
wait_task = wait_for_flow_run(child_flow_id, raise_final_state=True)