From fc22300b71abda9770ab56300da9e1ac243072eb Mon Sep 17 00:00:00 2001
From: Kit Ewbank <Kit_Ewbank@hotmail.com>
Date: Thu, 10 May 2018 13:37:28 -0400
Subject: [PATCH] [AWS Fargate] Execution role required if CloudWatch log group
 is specified (#194)

Execution role required if CloudWatch log group is specified.
---
 providers/aws/config.go    | 3 +++
 providers/aws/fargate.toml | 1 +
 2 files changed, 4 insertions(+)

diff --git a/providers/aws/config.go b/providers/aws/config.go
index 4370d2904..77ea9f04c 100644
--- a/providers/aws/config.go
+++ b/providers/aws/config.go
@@ -102,6 +102,9 @@ func (p *FargateProvider) loadConfig(r io.Reader) error {
 	if config.OperatingSystem != providers.OperatingSystemLinux {
 		return fmt.Errorf("Fargate does not support operating system %v", config.OperatingSystem)
 	}
+	if config.CloudWatchLogGroupName != "" && config.ExecutionRoleArn == "" {
+		return fmt.Errorf("Execution role required if CloudWatch log group is specified")
+	}
 
 	// Validate advertised capacity.
 	if q, err = resource.ParseQuantity(config.CPU); err != nil {
diff --git a/providers/aws/fargate.toml b/providers/aws/fargate.toml
index 45ecf878a..fa6f4b276 100644
--- a/providers/aws/fargate.toml
+++ b/providers/aws/fargate.toml
@@ -32,6 +32,7 @@ ExecutionRoleArn = ""
 
 # Amazon CloudWatch log group name used to store container logs. Optional.
 # If omitted, container logs will not be available.
+# If specified, an execution role with access to CloudWatch logs is required.
 CloudWatchLogGroupName = ""
 
 # AWS Fargate platform version. Optional. Defaults to "LATEST".