Create IAM Role
Create IAM Role
To run a task in ECS with AWS OpenTelemetry Collector, we need two different roles- TaskRole and TaskExecutionRole. In this section, we will create these two roles with proper IAM policies.
The TaskRole is the IAM role used by the task itself. For example, if your container wants to call other AWS services like Amazon CloudWatch, AWS X-Ray, etc then those permissions would need to be covered by the TaskRole.
1.1. Go to AWS Management Console
Go to AWS Management Console and open the IAM Roles page.
1.2. Create Role
Click the Create Role button on top-left corner.
Elastic Container Service
1.4. Select Use Case
In the bottom of the same page, click the Elastic Container Service Task and click Next: permissions button to go to the next page.
1.5. Attach Policy to the Role
Search for and select the policy (AWSDistroOpenTelemetryPolicy) we created in our previous Create IAM Policy tutorial. Click Next: Tags button to go to the next page.
1.6. Add Role Name and Description
Put a role name (i.e. AWSOTTaskRole) and role description. Click the Create Role button and finish the process.
The TaskExecutionRole grants Amazon ECS permissionS to make AWS API calls on your behalf.
2.1. Repeat steps from previous section
Repeat the following steps (1.1 to 1.4) from Create TaskRole section-
- 1.1 Go to AWS Management Console
- 1.2 Create Role
- 1.3 Select Elastic Container Service
- 1.4 Select Use Case
- 1.5 Attach Plolicy to the Role
Search for and Select the AmazonECSTaskExecutionRolePolicy Policy.
Search for and Select the CloudWatchLogsFullAccess Policy.
Search for and Select the AmazonSSMReadOnlyAccess Policy. Click Next: Tags button to go to the next page.
2.4 Add Role Name and Description
Click Next: Review button to go to the next page, put a role name (i.e. AWSOTTaskExcutionRole) and description. Click the Create Role button and finish the process.