I've been sitting on this issue for a few days. I'm getting errors for Circular dependency between resources: [ApiEcsEventsRuleProduct] I also have a circular dependency error in ApiEcsTaskDefinition if I remove ApiEcsEventsRuleProduct altogether. The error doesnt make debugging obvious. Any help would be appreciated.
AWSTemplateFormatVersion: 2010-09-09
Description: API Service ECS extensions
Parameters:
CoreStackName:
Description: The name of the API Service Core stack
Type: String
KmsKey:
Description: The ARN of the KMS configuration key
Type: String
Resources:
ApiEcsCloudwatchLogsGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub "/aws/ecs/${AWS::StackName}"
RetentionInDays: 30
ApiEcsCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: !Ref AWS::StackName
ClusterSettings:
- Name: containerInsights
Value: enabled
ApiEcsRepository:
Type: AWS::ECR::Repository
Properties:
RepositoryName: !Ref AWS::StackName
ApiEcsTaskExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- ecs-tasks.amazonaws.com
Action:
- sts:AssumeRole
MaxSessionDuration: 43200
RoleName: !Ref AWS::StackName
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
Policies:
- PolicyName: role-permissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- kms:Decrypt
Resource: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/${KmsKey}"
ApiEcsTaskInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Roles:
- !Ref ApiEcsTaskExecutionRole
ApiEcsTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
RequiresCompatibilities:
- FARGATE
Family: !Ref AWS::StackName
NetworkMode: awsvpc
Cpu: 2048
Memory: 12288
ExecutionRoleArn: !GetAtt ApiEcsTaskExecutionRole.Arn
TaskRoleArn: !GetAtt ApiEcsTaskExecutionRole.Arn
Volumes:
- Name: temp_file
ContainerDefinitions:
- Name: !Ref AWS::StackName
Cpu: 2048
Essential: true
Memory: 12288
Image: !Sub "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${AWS::StackName}:latest"
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref ApiEcsCloudwatchLogsGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: ecs
MountPoints:
- SourceVolume: temp_file
ContainerPath: /var/log/exported
ApiEcsEventsRuleProduct:
Type: AWS::Events::Rule
Properties:
Name: ExportProduct
ScheduleExpression: "cron(10 3 * * ? *)"
State: DISABLED
Targets:
- Id: Canada
Arn: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:cluster/${AWS::StackName}"
RoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/ecsTaskExecutionRole"
Input: !Sub '{
"containerOverrides": [{
"name": "${AWS::StackName}",
"command": ["Some command"],
"environment": [{ "name": "ConfigTableName", "value": "${CoreStackName}-config" }, { "name": "JobHandlerTableName", "value": "${CoreStackName}-jobs" }, { "name": "AWS_REGION", "value": "${AWS::Region}" }]
}]
}'
EcsParameters:
LaunchType: FARGATE
TaskDefinitionArn: !Ref ApiEcsTaskDefinition
NetworkConfiguration:
AwsVpcConfiguration:
AssignPublicIp: DISABLED
SecurityGroups:
- Fn::ImportValue: !Sub "${CoreStackName}-VpcSecurityGroup"
Subnets:
- Fn::ImportValue: !Sub "${CoreStackName}-PrivateSubnet"
DependsOn:
- ApiEcsCluster
- ApiEcsRepository
- ApiEcsTaskDefinition
- ApiEcsEventsRuleProduct
CodePudding user response:
This is the problem:
DependsOn:
- ApiEcsEventsRuleProduct
The ApiEcsEventsRuleProduct resource cannot have a reference to itself.