AWS Security ChangesHomeSearch

AWS batch documentation change

Service: batch · 2025-04-16 · Documentation low

File: batch/latest/userguide/create-job-definition-Fargate.md

Summary

Added Task properties section with Execution role configuration and ECS execute command guidance

Security assessment

Similar to EC2 version, adds IAM role documentation and ECS execute command security considerations without evidence of patching a vulnerability.

Diff

diff --git a/batch/latest/userguide/create-job-definition-Fargate.md b/batch/latest/userguide/create-job-definition-Fargate.md
index 085921f45..572dcfd2c 100644
--- a//batch/latest/userguide/create-job-definition-Fargate.md
+++ b//batch/latest/userguide/create-job-definition-Fargate.md
@@ -135 +135,13 @@ To maximize your resource utilization, prioritize memory for jobs of a specific
-    7. In the **Logging configuration** section:
+    7. In the **Task properties** section:
+
+      1. For **Execution role - conditional** , choose a role to allow Amazon ECS agents to make AWS API calls on your behalf. For more information on creating an **Execution role** , see [Tutorial: Create the IAM execution role](./create-execution-role.html).
+
+      2. Choose **Enable ECS execute command** , to enable access to the Amazon ECS container shell directly and bypass the host OS. You must choose a **Task role**.
+
+###### Important
+
+The **ECS execute** command requires that file system be writable. 
+
+      3. For **Task role** , choose an Amazon ECS Identity and Access Management (IAM) role to allow the container to make AWS API calls on your behalf. For more information see, [Amazon ECS task IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the _Amazon Elastic Container Service Developer Guide_.
+
+    8. In the **Logging configuration** section: