stackoom
  简体   繁体   中英

Task execution role for ECS tasks - Cloudformation

 原文  2020-07-30 07:48:48       amazon-web-services/ amazon-cloudformation/ amazon-iam/ amazon-ecs

Question

I am trying to access an IAM role which I created using aws console. The role was simple as I had to give in ecs taskexcutionrole so that it has the permission to pull the image from ECR. I have come up with this code what am I missing in this code?

    Role:
        Type: 'AWS::IAM::Role'
        Properties:
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - ec2.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          Path: /
          ManagedPolicyArns:
            - arn:aws:iam::02004621356:role/ecs-ec2-task

2- What if I want to create a new task execution role and give only permission to pull the image from ECR what changes I should make?

1 answers

solution1
 2 ACCPTED  2020-07-30 07:50:20

The trust principle should be ecs-tasks.amazonaws.com :

Role:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ecs-tasks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::02004621356:role/ecs-ec2-task
      Policies: 
        - PolicyName: AccessECR
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 
                  - ecr:BatchGetImage
                  - ecr:GetAuthorizationToken
                  - ecr:GetDownloadUrlForLayer 
                Resource: '*'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS ECS - How to pass task's execution role to Boto3? Terraform aws error creating IAM Role ecs_task_execution_role: MalformedPolicyDocument: Has prohibited field Resource Multiple Tasks Definition on ECS Service using CloudFormation ECS Fargate task not applying role AWS Cloudformation : ECS Task definition ARN AWS ECS Assumed Role using CloudFormation. Where to get assumed role for Docker micro service deployed in ECS? Is there a way to create aws lambda execution role with cloudformation? AWS ECS Create Scheduled Tasks (cron) via Cloudformation ECS tasks stuck in PENDING when updating via cloudformation Add a specific IAM role to the ECS task definition
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM