AWS AmazonECS documentation change
Summary
Updated task execution role documentation with specific use cases
Security assessment
Clarifies required permissions for private ECR and logging but does not introduce new security concepts or address vulnerabilities
Diff
diff --git a/AmazonECS/latest/developerguide/task_definition_parameters-managed-instances.md b/AmazonECS/latest/developerguide/task_definition_parameters-managed-instances.md index bf1737ede..c2a1b6493 100644 --- a//AmazonECS/latest/developerguide/task_definition_parameters-managed-instances.md +++ b//AmazonECS/latest/developerguide/task_definition_parameters-managed-instances.md @@ -63 +63 @@ Required: Conditional -The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. +The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For more information, see [Amazon ECS task execution IAM role](./task_execution_IAM_role.html). @@ -67 +67 @@ The Amazon Resource Name (ARN) of the task execution role that grants the Amazon -The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](./task_execution_IAM_role.html). +The task execution IAM role is required depending on the requirements of your task. The role is required for private ECR image pulls and using the `awslogs` log driver.