This repository has been archived by the owner on Jan 4, 2024. It is now read-only.

Setup task role #16

Open
wichert opened this issue Mar 30, 2017 · 1 comment

wichert commented Mar 30, 2017

The ECS documentation suggests best practice is to set up a task role to limit what your task can do. As far as I can see, something like this should work:

    TaskRole:
        Type: AWS::IAM::Role
        Properties:
            AssumeRolePolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Principal:
                    Service: "ecs-tasks.amazonaws.com"
                  Action:
                    - "sts:AssumeRole"
            ManagedPolicyArns:
              - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"


    TaskDefinition:
        Type: AWS::ECS::TaskDefinition
        Properties:
            TaskRoleArn: !GetAtt TaskRole.Arn
            Family: product-service
            ....
@liozzazhang

It works fine. Thanks.
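
As an added example (not part of the issue thread or the project's own template): `AmazonEC2ContainerServiceforEC2Role`, the managed policy attached in the template above, is the policy AWS provides for ECS container instances, so a task role meant to limit the task would usually carry an inline policy scoped to what the service itself needs. The `ProductBucket` and `Image` parameters, the `config/*` prefix, the policy name and the memory value are assumptions for illustration.

```yaml
# Added example. ProductBucket, Image, the config/* prefix and the policy
# name are hypothetical; replace them with what the service actually uses.
Parameters:
  ProductBucket:
    Type: String
  Image:
    Type: String

Resources:
  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
            # Restrict role assumption to ECS tasks in this account and region.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
              ArnLike:
                aws:SourceArn: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:*"
      # No ManagedPolicyArns here: the task gets only the statement below.
      Policies:
        - PolicyName: product-service-read-config
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub "arn:aws:s3:::${ProductBucket}/config/*"

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: product-service
      # Containers in this task receive TaskRole credentials,
      # separate from the container instance's own role.
      TaskRoleArn: !GetAtt TaskRole.Arn
      ContainerDefinitions:
        - Name: product-service
          Image: !Ref Image
          Memory: 256
```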
