Otdfbt

Did Karl Marx ever use any example that involved cotton and dollars to illustrate the way capital and surplus value were generated?

How are the Zhentarim and Black Fist related?

How do I set an alias to a terminal line?

Can any NP-Complete Problem be solved using at most polynomial space (but while using exponential time?)

I am completely new to Tales from the Floating Vagabond, how do I get started?

What is this tool/thing in an Aztec painting?

expiry or manufactured date?

Find the diameter of a word graph

How risky is real estate?

Swapping rooks in a 4x4 board

Should I prioritize my 401(k) over my student loans?

Are all instances of trolls turning to stone ultimately references back to Tolkien?

What is the origin of Scooby-Doo's name?

Wifi dongle speed is slower than advertised

Why doesn't a marching band have strings?

Hand soldering SMD 1206 components

Interaction between Leyline of Anticipation and Teferi, Time Raveler

Archery in modern conflicts

What is the legal status of travelling with methadone in your carry-on?

Is using weak login credentials always bad?

If you snatch, I trade

What does "play with your toy’s toys" mean?

Is a single radon-daughter atom in air a solid?

Where can I find a database of galactic spectra?

AWS ECS deployment Error using Cross Account

AWS RDS CLI: AccessDenied on CreateDBSnapshotUnable to install tomcat using aws cloud formation scriptsDocker project on AWS ECSCannotPullContainerError on AWS ECSaws ec2 describe-instances not allowed in user-data?Autoscaling AWS ECS services with soft limitsECR cross-account pull permissionsAWS ECS: Service + autoscaling vs User Data launching TaskError creating new cluster in AWS with ecs-cliAWS ECS Continuous Deployment issue with CodePipeline

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

I created a jenkins job runing inside account A that connects using cross accounts IAM roles to account B, where we have a ECS cluster.
I manageg to build and upload the docker images from account A jenkins to account B, but when I use:

aws ecs update-service --cluster arn:aws:ecs:eu-west-1:Account_B_ID:cluster/Cluster --service cluster-service --force-new-deployment --region eu-west-1

I was promted by an error:

An error occurred (InvalidParameterException) when calling the UpdateService operation: Identifier is for AccountID_B. Your accountId is AccountID_A

I have checked the Update-Service documentation, but i don't find any mistake and I cant found anything more regarding this issue anywhere.

Do you know where/how is the correct way of ECS cross account deployment?

Thanks for your time and help!

amazon-web-services aws-cli amazon-ecs

share|improve this question

edited Jun 6 at 17:10

Gotttlieb

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Jenkins runs the aws ecs update-service command, right?
  
  – Dominik
  Jun 6 at 17:13
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, it's that way
  
  – Gotttlieb
  Jun 6 at 22:50
  

  
  
  
  

add a comment | 

1

I created a jenkins job runing inside account A that connects using cross accounts IAM roles to account B, where we have a ECS cluster.
I manageg to build and upload the docker images from account A jenkins to account B, but when I use:

aws ecs update-service --cluster arn:aws:ecs:eu-west-1:Account_B_ID:cluster/Cluster --service cluster-service --force-new-deployment --region eu-west-1

I was promted by an error:

An error occurred (InvalidParameterException) when calling the UpdateService operation: Identifier is for AccountID_B. Your accountId is AccountID_A

I have checked the Update-Service documentation, but i don't find any mistake and I cant found anything more regarding this issue anywhere.

Do you know where/how is the correct way of ECS cross account deployment?

Thanks for your time and help!

amazon-web-services aws-cli amazon-ecs

share|improve this question

edited Jun 6 at 17:10

Gotttlieb

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Jenkins runs the aws ecs update-service command, right?
  
  – Dominik
  Jun 6 at 17:13
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, it's that way
  
  – Gotttlieb
  Jun 6 at 22:50
  

  
  
  
  

add a comment | 

I created a jenkins job runing inside account A that connects using cross accounts IAM roles to account B, where we have a ECS cluster.
I manageg to build and upload the docker images from account A jenkins to account B, but when I use:

aws ecs update-service --cluster arn:aws:ecs:eu-west-1:Account_B_ID:cluster/Cluster --service cluster-service --force-new-deployment --region eu-west-1

I was promted by an error:

An error occurred (InvalidParameterException) when calling the UpdateService operation: Identifier is for AccountID_B. Your accountId is AccountID_A

I have checked the Update-Service documentation, but i don't find any mistake and I cant found anything more regarding this issue anywhere.

Do you know where/how is the correct way of ECS cross account deployment?

Thanks for your time and help!

amazon-web-services aws-cli amazon-ecs

share|improve this question

edited Jun 6 at 17:10

Gotttlieb

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

aws ecs update-service --cluster arn:aws:ecs:eu-west-1:Account_B_ID:cluster/Cluster --service cluster-service --force-new-deployment --region eu-west-1

An error occurred (InvalidParameterException) when calling the UpdateService operation: Identifier is for AccountID_B. Your accountId is AccountID_A

share|improve this question

edited Jun 6 at 17:10

Gotttlieb

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

share|improve this question

edited Jun 6 at 17:10

Gotttlieb

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

asked Jun 6 at 16:54

GotttliebGotttlieb

1044 bronze badges

1 Answer
1

active

oldest

votes

2

Run the command with a CLI --profile which assumes the IAM role on account-B:

aws ecs update-service --profile account-B_roleName

In ~/.aws/config:

[profile account-B_roleName]
role_arn = arn:aws:iam::808449698514:role/PowerUser

You can only apply a command on a resource in an account with an (assumed) role or user which is defined in that account.

share|improve this answer

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks so much!; I have to admit that I already used the "--profile" in other commands, but I didn't notice it here. And seems strange to me that anywhere was this explained as clear as you explained it here. THanks!
  
  – Gotttlieb
  Jun 6 at 23:03
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970414%2faws-ecs-deployment-error-using-cross-account%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

2

Run the command with a CLI --profile which assumes the IAM role on account-B:

aws ecs update-service --profile account-B_roleName

In ~/.aws/config:

[profile account-B_roleName]
role_arn = arn:aws:iam::808449698514:role/PowerUser

You can only apply a command on a resource in an account with an (assumed) role or user which is defined in that account.

share|improve this answer

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks so much!; I have to admit that I already used the "--profile" in other commands, but I didn't notice it here. And seems strange to me that anywhere was this explained as clear as you explained it here. THanks!
  
  – Gotttlieb
  Jun 6 at 23:03
  

  
  
  
  

add a comment | 

2

Run the command with a CLI --profile which assumes the IAM role on account-B:

aws ecs update-service --profile account-B_roleName

In ~/.aws/config:

[profile account-B_roleName]
role_arn = arn:aws:iam::808449698514:role/PowerUser

You can only apply a command on a resource in an account with an (assumed) role or user which is defined in that account.

share|improve this answer

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks so much!; I have to admit that I already used the "--profile" in other commands, but I didn't notice it here. And seems strange to me that anywhere was this explained as clear as you explained it here. THanks!
  
  – Gotttlieb
  Jun 6 at 23:03
  

  
  
  
  

add a comment | 

Run the command with a CLI --profile which assumes the IAM role on account-B:

aws ecs update-service --profile account-B_roleName

In ~/.aws/config:

[profile account-B_roleName]
role_arn = arn:aws:iam::808449698514:role/PowerUser

You can only apply a command on a resource in an account with an (assumed) role or user which is defined in that account.

share|improve this answer

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

[profile account-B_roleName]
role_arn = arn:aws:iam::808449698514:role/PowerUser

share|improve this answer

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges

answered Jun 6 at 17:26

DominikDominik

13644 bronze badges