Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Screen Shot 2021-04-26 at 5.19.18 PM.png

Hey y'all! I had a question regarding IAM permissions on the AWS task that the prefect agent creates to run a flow. What's the best way to add a task-role and a sec group on it?
I tried using <https://docs.prefect.io/orchestration/flow_config/run_configs.html#ecsrun> but to no avail. I see the values on prefect cloud's UI under advanced settings, but I don't see anything on the actual Task Def that gets created. Is this the correct way to accomplish something like this? Or am I on the wrong track here?

Hi <@U01M62PLZSA>! You tried supplying a YAML file with the `task_definition_path`?

Hey! :wave:
I have not. Is this the `task_definition_path` param in the run_config() that you're talking about?

I did read that if I wanted to get funky, I'd have to ensure that I had a flow-container or something?

```from prefect import task, Flow
from prefect.storage import Docker
from prefect.run_configs import ECSRun


@task(log_stdout=True)
def task_name():
    do task_logic
    print(value)
    return(value)

with Flow("Test-Rostering-Flow-3", storage=Docker(registry_url="url",
                                                  image_name="test",
                                                  base_image="image"
                                                  )) as flow:
    value = task_name()

networkConfiguration = {
    'awsvpcConfiguration': {
        'securityGroups': [
            'sg-xxxxxx',
        ]
    }
}
flow.run_config = ECSRun(
    task_role_arn="arn:aws:iam::xxxx:role/somethingTaskRole",
    run_task_kwargs=networkConfiguration,
    env={"SOME_VAR": "value"})
print(flow.run_config)
flow.run()
flow.register(project_name="STAGING/test-setup", labels=['staging'])```

I see. I may have yo get back tomorrow but I’ll be taking a look at this tonight.

If you need something more immediately though, <https://lejimmy.com/distributed-data-pipelines-with-aws-ecs-fargate-and-prefect-cloud/|this> blog may help you.

I just realized I had `prefect agent start fargate` and I believe that's deprecated. I'm going to run an ECS agent and see if that does the trick

That did it! Once I ran the ecs agent, the ECSRunConfig() started getting respected!

Wohooo :tada: Thanks for your help Kevin!