We have issues establishing ECS as the backend for Traefik in AWS.
Using version 2.3 RC we are specifying the cluster name in the container command like this:
--providers.ecs.clusters=dev-cluster_r1
and when trying to test we get this error:
time="2020-08-13T20:12:31Z" level=debug msg="ECS Clusters: [dev-cluster_r1]" providerName=ecs
time="2020-08-13T20:12:32Z" level=error msg="Unable to list tasks" providerName=ecs
time="2020-08-13T20:12:32Z" level=error msg="Provider connection error AccessDeniedException: User: arn:aws:sts::xxxxxxx:assumed-role/xxxxxRole/xxxxxxx is not authorized to perform: ecs:ListTasks on resource: *, retrying in 17.242423998s" providerName=ecs
although our role has permissions defined like this:
{
    "Sid": "AllowECSTaskActions",
    "Effect": "Allow",
    "Action": [
        "ecs:RunTask",
        "ecs:StartTask",
        "ecs:StopTask",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:DescribeTaskDefinition",
        "ecs:ListTaskDefinitions"
    ],
    "Resource": [
        "arn:aws:ecs:us-east-1:xxx:task/*",
        "arn:aws:ecs:us-west-2:xxx:task/*",
        "arn:aws:ecs:us-east-1:xxx:task-definition/*",
        "arn:aws:ecs:us-west-2:xxx:task-definition/*"
    ]
},
Note: I used xxx to cover the real resource names.
What is wrong here? We do not want to scan all clusters with *, so we are giving a cluster name dev-cluster_r1.
How do we have to define the clusters to be scanned in Traefik v2.3RC?
Any help welcome
Thanks
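
An added example, not part of the original post: a simplified Python check of the posted statement against the request named in the error message (`ecs:ListTasks` on resource `*`). The `CANDIDATE` statement and `TASK_ARN` are constructed for comparison, and the matcher is an assumption-level sketch that ignores `Condition`, `NotAction`, `NotResource` and `Deny`.

```python
import re

# Statement as posted above ("xxx" is the poster's own redaction).
POSTED = {
    "Sid": "AllowECSTaskActions",
    "Effect": "Allow",
    "Action": ["ecs:RunTask", "ecs:StartTask", "ecs:StopTask", "ecs:DescribeTasks",
               "ecs:ListTasks", "ecs:DescribeTaskDefinition", "ecs:ListTaskDefinitions"],
    "Resource": ["arn:aws:ecs:us-east-1:xxx:task/*", "arn:aws:ecs:us-west-2:xxx:task/*",
                 "arn:aws:ecs:us-east-1:xxx:task-definition/*",
                 "arn:aws:ecs:us-west-2:xxx:task-definition/*"],
}
# Constructed for comparison (assumption, not from the post): the same action
# granted on the resource string that the error message reports.
CANDIDATE = {"Sid": "ListTasksOnly", "Effect": "Allow",
             "Action": "ecs:ListTasks", "Resource": "*"}
# Constructed sample task ARN.
TASK_ARN = "arn:aws:ecs:us-east-1:xxx:task/dev-cluster_r1/0123456789abcdef"

def glob_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def match_parts(stmt, action, resource):
    """Return (action_matched, resource_matched) for one Allow statement.
    Simplified: Condition, NotAction, NotResource and Deny are not modelled."""
    action_ok = any(glob_match(a, action, ignore_case=True) for a in as_list(stmt["Action"]))
    resource_ok = any(glob_match(r, resource) for r in as_list(stmt["Resource"]))
    return action_ok, resource_ok

def statement_allows(stmt, action, resource):
    return stmt.get("Effect") == "Allow" and all(match_parts(stmt, action, resource))

if __name__ == "__main__":
    # Request taken from the log line: ecs:ListTasks "on resource: *".
    for name, stmt in (("posted", POSTED), ("candidate", CANDIDATE)):
        print(name, match_parts(stmt, "ecs:ListTasks", "*"),
              statement_allows(stmt, "ecs:ListTasks", "*"))
    print("posted, DescribeTasks on a task ARN:",
          statement_allows(POSTED, "ecs:DescribeTasks", TASK_ARN))
```

For the request in the log, the posted statement returns `(True, False)`: the action is listed, but none of the task or task-definition ARN patterns matches the resource `*` that the call was evaluated against.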