ansible-aws-infra-services

Document IAM policy for EC2 instances (minimum role)

Open simplesteph opened this issue 8 years ago • 3 comments

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html

simplesteph avatar Feb 12 '17 07:02 simplesteph

Also probably relevant:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/check-service-role.html

thsutton avatar May 04 '17 23:05 thsutton

And I believe I had to add the following to the ecsServiceRole to have ECS tasks self-register properly with ELB:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets"
      ],
      "Resource": "*"
    }
  ]
}

thsutton avatar May 04 '17 23:05 thsutton
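The policy in the comment above allows every listed action on `"Resource": "*"`. As an added example (not part of the thread and not the project's code), this Python check lists which of those grants are wildcard actions and which are state-changing actions left unscoped, the items a minimum-role document would need to justify or narrow. The function name `audit` and the rule that `Describe`/`Get`/`List` prefixes mean read-only are assumptions of the example.

```python
import json

# The policy exactly as posted in the comment above.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": [
     "ec2:AuthorizeSecurityGroupIngress",
     "ec2:Describe*",
     "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
     "elasticloadbalancing:DeregisterTargets",
     "elasticloadbalancing:Describe*",
     "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
     "elasticloadbalancing:RegisterTargets"],
   "Resource": "*"}]}
""")

# Assumption: actions whose name starts with one of these verbs only read state.
READ_ONLY_VERBS = ("describe", "get", "list")

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement index, action, finding) for each Allow grant worth review."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "-", "NotAction/NotResource: review by hand"))
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1].lower()  # action names are case-insensitive
            read_only = name.startswith(READ_ONLY_VERBS)
            if "*" in name:
                kind = "read-only prefix" if read_only else "may include mutating actions"
                findings.append((i, action, f"wildcard action ({kind})"))
            if any_resource and not read_only:
                findings.append((i, action, "mutating action on Resource *"))
    return findings

if __name__ == "__main__":
    for index, action, finding in audit(POLICY):
        print(f"Statement[{index}] {action}: {finding}")
```

Each action reported as mutating on `Resource *` is a candidate for scoping to specific resource ARNs where the service supports resource-level permissions for it.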

Yes and yes. We're actually using IAM roles for ECS tasks and that works well. We need to move that kind of documentation to a Wiki.

simplesteph avatar May 05 '17 00:05 simplesteph