https://prefect.io logo
Title
a

Ashley Felber

12/12/2022, 6:32 PM
Hello, I have created a deployment using an ECStask block. The ECStask block is configured to run an existing task definition. When I try to run the deployment I get the following error: "Submission failed. botocore.errorfactory.AccessDeniedException: An error occurred (AccessDeniedException) when calling the RegisterTaskDefinition operation: User <> is not authorized to perform: ecs:RegisterTaskDefinition on resource: * because no identity-based policy allows the ecs:RegisterTaskDefinition action." Why does the agent need the ability to register a task definition if it already exists?
1
z

Zanie

12/12/2022, 6:50 PM
We register a new task definition if you are using settings that require a new task definition 🙂 some fields can only be updated with a new task definition.
If you turn on DEBUG logs, we’ll display a diff of the task definition required for run the
ECSTask
as configured vs your pre-registered one.
a

Ashley Felber

12/12/2022, 6:55 PM
Sorry if I missing this but where/how do I turn on DEBUG logs?
z

Zanie

12/12/2022, 7:02 PM
PREFECT_LOGGING_LEVEL=DEBUG on your agent
a

Ashley Felber

12/12/2022, 7:09 PM
Ok thanks and where do I view the logs?
z

Zanie

12/12/2022, 7:12 PM
Wherever your agent is running
a

Ashley Felber

12/12/2022, 10:08 PM
Ok I see the logs but not sure how to read them. How do I know what's missing from the task definition using the logs?
z

Zanie

12/12/2022, 10:20 PM
There’s an example in that issue, can you share the output?
Ah, you see all those “+” bits? That’s content that was added at runtime.
This is because you’ve enabled
stream_output
which means we need to configure a log stream which can only be set per task definition not task run.
a

Ashley Felber

12/12/2022, 10:42 PM
Thanks. For the log configuration, these values are already set in my task definition: "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/analytics-ct-snowflake-load-historical-task", "awslogs-region": "us-west-2", "awslogs-stream-prefix": "ecs" } Are you saying it needs to be set somewhere else? Also, are the volumesFrom and name components that have a + required? What's the name for and why does the VolumesFrom need to be set?
z

Zanie

12/12/2022, 10:45 PM
I’m not sure what the volumes thing is — I’m not sure there’s a real difference there.
Do you have
stream_output
set on your
ECSTask
?
a

Ashley Felber

12/12/2022, 10:46 PM
Yes I do, I was told it was actually required
z

Zanie

12/12/2022, 11:05 PM
Ah I see, nice! The difference seems to just be the container name
We require a container named “prefect” to exist — do you have the name set to that on your task definition?
a

Ashley Felber

12/12/2022, 11:18 PM
Nope the container has a different name, trying that now
Ok that resolved that issue, thanks!
🔥 1
z

Zanie

12/12/2022, 11:45 PM
No problem! I opened an issue to clarify this
:gratitude-thank-you: 1
:wizard2: 1