You may found FailedInvocations error when you work with ECS scheduled task in AWS. There is no log indicate what was failing, but only leave a entry in CloudWatch that shows it was failed.
After research I realised this was causing by the CloudWatch does not have permission to run the ECS task. It sounds a bit of odd. Because you may think you have never intend to perform any task by CloudWatch. Your task has nothing to do with CloudWatch.
However, it actually not the case. When you setting up a scheduled task (cron job). You have to specify the trigger.
Such as; cron(0 12 * * ? *)
This actually trigger by CloudWatch, which means the start time and frequency are triggered by CloudWatch. Therefore, CloudWatch needs the RunTask permission on ECS.
Under the the Scheduled Tasks definition, you need to specify a ECSEventsRole as below:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:RunTask"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"*"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
}
}
]
}
And make sure CloudWatch Events IAM role set to ECSEventsRole
