IAM error when deploying LoadBalancedFargateService

[PaulMaddox]

Given the following:

// Create a default VPC (with public/private subnets and 10.0.0.0/16 CIDR range)
const vpc = new ec2.VpcNetwork(this, 'VPC');

// Create an ECS cluster
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });

// Add EC2 instances to the cluster (inc. auto-scaling and container draining)
const asg = cluster.addDefaultAutoScalingGroupCapacity({
    instanceCount: 2,
    maxCapacity: 10,
    instanceType: new ec2.InstanceType('m4.large'),
})

// Create an example nginx service
const nginx = new ecs.LoadBalancedFargateService(this, 'Nginx', {
    cluster,
    image: ecs.ContainerImage.fromDockerHub('nginx:latest'),
})

I get the following error on cdk deploy:

Fargate requires task definition to have execution role ARN to support log driver awslogs. (Service: AmazonECS; Status Code: 400; Error Code: ClientException; Request ID: 86141580-f78e-11e8-88ae-198b4970816c)

This feels like something that should be setup as part of the default experience.

[rix0rrr]

Totally should. This must be a new check (re:Invent?) because we have integration tests for this.

Also, you're adding EC2 capacity to a cluster you're ending up running a Fargate service on. The capacity is not necessary there. Maybe we should have called it addEc2Capacity?

(cc @SoManyHs )

[Doug-AWS]

+1

[Doug-AWS]

I hit this on 0.18.1 and 0.19.0