IAM Setup for ECS

Task Execution Role
What the ECS agent needs to do on my behalf:
- pull container images
- send logs to CloudWatch Logs
- make AWS API calls
Info
Provides access to the other AWS resources that are required to run the ECS task.
Task Role
It's for your code:
- app needs to make AWS API calls, e.g. pull an S3 object
Tip
Task Execution Role is for ECS infrastructure operations, Task Role is for your application code permissions.
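
One way to check this split on a task definition, as an added example that is not part of the original notes: the script flags a task definition that reuses one role for both purposes or whose execution role carries application permissions. The role ARNs, account ID, bucket and policies are constructed, and the infrastructure allowlist (image pull from ECR plus CloudWatch Logs) is an assumption to extend if your execution role needs more.

```python
# Added example: role ARNs, account ID and policies below are constructed.
# Actions needed to pull images from ECR and write to CloudWatch Logs
# (the set the AWS managed AmazonECSTaskExecutionRolePolicy grants).
INFRA_ACTIONS = frozenset({
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
    "logs:CreateLogStream", "logs:PutLogEvents",
})

def allowed_actions(policy):
    """Return the set of actions granted by Allow statements in a policy."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    granted = set()
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            action = stmt.get("Action", [])
            granted.update([action] if isinstance(action, str) else action)
    return granted

def audit(task_def, policies, infra=INFRA_ACTIONS):
    """Check role separation. policies maps role ARN -> policy document."""
    exec_arn, task_arn = task_def.get("executionRoleArn"), task_def.get("taskRoleArn")
    findings = []
    if exec_arn and exec_arn == task_arn:
        findings.append("one role is used as both execution role and task role")
    extra = allowed_actions(policies.get(exec_arn, {})) - infra
    if extra:
        findings.append("execution role grants non-infrastructure actions: "
                        + ", ".join(sorted(extra)))
    leaked = allowed_actions(policies.get(task_arn, {})) & infra
    if leaked:
        findings.append("task role grants infrastructure actions: "
                        + ", ".join(sorted(leaked)))
    return findings

EXEC = "arn:aws:iam::111122223333:role/demo-exec"   # hypothetical
APP = "arn:aws:iam::111122223333:role/demo-app"     # hypothetical
POLICIES = {
    EXEC: {"Statement": [{"Effect": "Allow", "Action": sorted(INFRA_ACTIONS), "Resource": "*"}]},
    APP: {"Statement": {"Effect": "Allow", "Action": "s3:GetObject",
                        "Resource": "arn:aws:s3:::demo-bucket/*"}},
}
SPLIT = {"family": "demo", "executionRoleArn": EXEC, "taskRoleArn": APP}
SHARED = {"family": "demo", "executionRoleArn": APP, "taskRoleArn": APP}

if __name__ == "__main__":
    print(audit(SPLIT, POLICIES))    # clean split
    print(audit(SHARED, POLICIES))   # app role reused for infrastructure
```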