This message was deleted.
# atlantis-communitys
Slackbot
06/21/2023, 3:15 PMThis message was deleted.
g
Gabriel Martinez
06/21/2023, 3:20 PMHey @Michael Coombs! Without any context, I’d start here https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
Gabriel Martinez
06/21/2023, 3:20 PMlooks like your container doesn’t have permissions to call AWS SSM
Gabriel Martinez
06/21/2023, 3:24 PMalthough it looks like they are already setting that on the module https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/2200b5690927dc53459190670ea90de299292251/main.tf#L570-L588
Gabriel Martinez
06/21/2023, 3:24 PMit’s this module, right?
m
Michael Coombs
06/21/2023, 3:46 PMyes, that's the module and policy that's attached
p
PePe Amengual
06/21/2023, 3:50 PMyou have secrets on the task definition?
m
Michael Coombs
06/21/2023, 3:50 PMno, i do not
p
PePe Amengual
06/21/2023, 3:51 PMmeaning ARNs pointing to secrets in ssm on the task def
PePe Amengual
06/21/2023, 3:51 PMand defined as secret entries
g
Gabriel Martinez
06/21/2023, 3:53 PMPlease check your task network configuration.this 1
m
Michael Coombs
06/21/2023, 6:37 PMThanks for the help @Gabriel Martinez and @PePe Amengual the issue was I didn't have a NAT gw in my private subnets
✅ 1
🙌 1
p
PePe Amengual
06/21/2023, 6:38 PMso if you had a vpc endpoint ( which you should no matter what) you might not need a nat gateway
m
Michael Coombs
06/21/2023, 6:38 PMah... ok. thanks and i'll check into that
p
PePe Amengual
06/21/2023, 6:38 PMyou should always have vpc endpoints, you save money that way and is more secure
☝️ 1
g
Gabriel Martinez
06/21/2023, 6:43 PMRule of thumb, if it’s not DNS it’s NAT gateway 🤣
👍 1
Gabriel Martinez
06/21/2023, 6:44 PMStill, for Atlantis you need internet access anyway for it to download modules, providers, etc.
this 1