4

I have created an AWS ECS instance in ca-central region. It works with the dynamic public ip which changes every time when I update the service. Everything is good so far.

As I need a public static IP, I have created an elastic ip in the same region and try to associate the ip with the ECS instance.

Resource Type: Network Interface
Reassociation: Allow this Elastic IP address to be reassociated (checked)

When I try this, it throws the error like this: Elastic IP address could not be associated. Elastic IP address nn.nn.nn.nn: You do not have permission to access the specified resource.

Raja SGS
  • 53
  • 5

2 Answers2

1

It seems the EIP you are trying to associate to the ECS container instance is already associated with another resource (e.g. Nat Gateway?). Please make sure the EIP is not currently associated with any other resource then try again.

Also confirm the user performing these actions has the following permissions:

"ec2.AssociateAddress"
shariqmaws
  • 8,152
  • 1
  • 16
  • 35
  • 1
    Thanks for the suggestion. How do I apply "ec2.AssociateAddress" through AWS UI? Please let me know – Raja SGS Jul 07 '20 at 20:56
1

To apply the various EC2 Elastic IP permissions in the AWS console, you can basically follow the instructions in this link below.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-ec2-console.html#ex-eip

I wanted to make sure that my IAM user had all the permissions necessary to view, allocate, associate, release Elastic IPs, so I added permissions through IAM to the specific IAM group by:

  1. Opening the Permissions tab, selecting Add permissions -> Create Inline Policy enter image description here

  2. After naming the policy, added the following into the JSON tab enter image description here

Here's the JSON text below

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeAddresses",
                "ec2:AllocateAddress",
                "ec2:DescribeInstances",
                "ec2:AssociateAddress",
                "ec2:ReleaseAddress",
                "ec2:DescribeAvailabilityZones",
                "ec2:describeCoipPools",
                "ec2:describePublicIpv4Pools"
            ],
            "Resource": "*"
        }
    ]
}
shunkana
  • 334
  • 2
  • 4