AWS AmazonECS documentation change
Summary
Expanded IAM policy attachment instructions with specific use case mappings for managed policies
Security assessment
Clarifies IAM policy usage but does not address security vulnerabilities or introduce new security features - improves operational documentation
Diff
diff --git a/AmazonECS/latest/developerguide/infrastructure_IAM_role.md b/AmazonECS/latest/developerguide/infrastructure_IAM_role.md index 497e1e8e8..a9e7bfb76 100644 --- a//AmazonECS/latest/developerguide/infrastructure_IAM_role.md +++ b//AmazonECS/latest/developerguide/infrastructure_IAM_role.md @@ -67 +67,9 @@ JSON - 3. Depending on your use case, attach the AWS managed `AmazonECSInfrastructureRolePolicyForVolumes`, `AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity`, `AmazonECSInfrastructureRolePolicyForVpcLattice`, or `AmazonECSInfrastructureRolePolicyForManagedInstances` policy to the `ecsInfrastructureRole` role. + 3. Depending on your use case, attach the managed policy to the `ecsInfrastructureRole` role. + + * To attach Amazon EBS volumes to your Fargate or EC2 launch type Amazon ECS tasks, attach the `AmazonECSInfrastructureRolePolicyForVolumes` managed policy. + + * To use Transport Layer Security (TLS) to encrypt traffic between your Amazon ECS Service Connect services, attach the `AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity` managed policy. + + * To create Amazon VPC Lattice target groups, attach the `AmazonECSInfrastructureRolePolicyForVpcLattice` managed policy. + + * You want to use Amazon ECS Managed Instances in your Amazon ECS clusters, attach the `AmazonECSInfrastructureRolePolicyForManagedInstances` managed policy.