AWS batch documentation change
Summary
Added Task properties section with Execution role configuration and ECS execute command guidance
Security assessment
Similar to EC2 version, adds IAM role documentation and ECS execute command security considerations without evidence of patching a vulnerability.
Diff
diff --git a/batch/latest/userguide/create-job-definition-Fargate.md b/batch/latest/userguide/create-job-definition-Fargate.md index 085921f45..572dcfd2c 100644 --- a//batch/latest/userguide/create-job-definition-Fargate.md +++ b//batch/latest/userguide/create-job-definition-Fargate.md @@ -135 +135,13 @@ To maximize your resource utilization, prioritize memory for jobs of a specific - 7. In the **Logging configuration** section: + 7. In the **Task properties** section: + + 1. For **Execution role - conditional** , choose a role to allow Amazon ECS agents to make AWS API calls on your behalf. For more information on creating an **Execution role** , see [Tutorial: Create the IAM execution role](./create-execution-role.html). + + 2. Choose **Enable ECS execute command** , to enable access to the Amazon ECS container shell directly and bypass the host OS. You must choose a **Task role**. + +###### Important + +The **ECS execute** command requires that file system be writable. + + 3. For **Task role** , choose an Amazon ECS Identity and Access Management (IAM) role to allow the container to make AWS API calls on your behalf. For more information see, [Amazon ECS task IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the _Amazon Elastic Container Service Developer Guide_. + + 8. In the **Logging configuration** section: