We’re trying to deploy a container to an ECS cluster with the Deploy Amazon ECS step, but the process fails because the Octo worker does not have iam:PassRole permission.
Is this permission necessary or is there a way around this?
In the below screenshot I tried setting the Worker role as the Task Role as well as the Execution role. But i also tried using a new role that is only for the Task Execution and got the same iam:Passrole error
It looks like this is related to missing that particular IAM role. I’d recommend checking that the role you are running this ECS step has that role that the AWS IAM errors are throwing (iam:Passrole). This would be the best advice I could give for this, we unfortunately don’t have any control of IAM roles in your infrastructure.
Once that permission is added to that role it should hopefully continue working correctly. If any other permission errors come up they will also need adding into that role.
Let us know how you get on with this and if any other Octopus errors come up, please let us know.