Skip to content
This repository has been archived by the owner on Jan 24, 2024. It is now read-only.

Document IAM policy for EC2 instances (minimum role) #26

Open
simplesteph opened this issue Feb 12, 2017 · 3 comments
Open

Document IAM policy for EC2 instances (minimum role) #26

simplesteph opened this issue Feb 12, 2017 · 3 comments

Comments

@simplesteph
Copy link
Contributor

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html
@thsutton
Copy link
Contributor

thsutton commented May 4, 2017

Also probably relevant:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/check-service-role.html

@thsutton
Copy link
Contributor

thsutton commented May 4, 2017

And I believe I had to add the following to the ecsServiceRole to have ECS tasks self-register properly with ELB:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets"
      ],
      "Resource": "*"
    }
  ]
}

@simplesteph
Copy link
Contributor Author

yes and yes. We're actually using IAM roles for ecs tasks and that works well. We need to move that kind of documentation to a Wiki

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thsutton @simplesteph