From 563887fd8e301376f2af8124d82426e7c581109a Mon Sep 17 00:00:00 2001 From: Alex Simkin Date: Tue, 26 Nov 2024 21:20:57 +0200 Subject: [PATCH] feat: Use ECS task protection instead of EC2 instance protection for auto-scaling This will let tasks complete and not be force-terminated by ECS fixes https://github.com/stanfordnmbl/opencap-infrastructure/issues/23 --- modules/processing/autoscaling.tf | 2 +- modules/processing/ecs_task_roles.tf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/processing/autoscaling.tf b/modules/processing/autoscaling.tf index 4634f1d..a0457a4 100644 --- a/modules/processing/autoscaling.tf +++ b/modules/processing/autoscaling.tf @@ -101,7 +101,7 @@ resource "aws_ecs_capacity_provider" "worker_lt_gpu_provider" { auto_scaling_group_provider { auto_scaling_group_arn = aws_autoscaling_group.worker_lt_asg.arn - managed_termination_protection = "DISABLED" + managed_termination_protection = "ENABLED" managed_scaling { status = "ENABLED" diff --git a/modules/processing/ecs_task_roles.tf b/modules/processing/ecs_task_roles.tf index 8b4fb05..5963423 100644 --- a/modules/processing/ecs_task_roles.tf +++ b/modules/processing/ecs_task_roles.tf @@ -64,7 +64,7 @@ resource "aws_iam_role" "processing_worker_role" { resource "aws_iam_policy" "processing_worker_policy" { name = "processing-worker-task-policy${var.env}" - description = "Policy for ECS tasks to manage instance protection during Auto Scaling scale-in events and get CloudWatch metrics" + description = "Policy for ECS tasks to manage ecs task protection during Auto Scaling scale-in events and get CloudWatch metrics" policy = jsonencode({ Version = "2012-10-17" @@ -72,8 +72,8 @@ resource "aws_iam_policy" "processing_worker_policy" { { Effect = "Allow" Action = [ - "autoscaling:SetInstanceProtection", - "autoscaling:DescribeAutoScalingInstances" + "ecs:GetTaskProtection", + "ecs:UpdateTaskProtection" ] Resource = "*" },