AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-02-25 · Documentation low

File: AmazonECS/latest/developerguide/document_history.md

Summary

Updated permissions documentation for AmazonECSInfrastructureRolePolicyForManagedInstances to support Capacity Reservations

Security assessment

The change documents IAM policy updates for capacity reservation integration but shows no evidence of addressing a specific vulnerability. It enhances security documentation by detailing new permissions requirements.

Diff

diff --git a/AmazonECS/latest/developerguide/document_history.md b/AmazonECS/latest/developerguide/document_history.md
index 125aec74c..cd01ba5c5 100644
--- a//AmazonECS/latest/developerguide/document_history.md
+++ b//AmazonECS/latest/developerguide/document_history.md
@@ -10,0 +11,7 @@ Change |  Description |  Date
+Update permissions to `AmazonECSInfrastructureRolePolicyForManagedInstances`.  |  The `AmazonECSInfrastructureRolePolicyForManagedInstances` policy has been updated to support Capacity Reservations on Amazon ECS Managed Instances by adding the following permissions: 
+
+  * `resource-groups:ListGroupResources` permission has been added to allow Amazon ECS to fetch a grouping of capacity reservations. To run this command, the following permissions are also required: `cloudformation:DescribeStacks`, `cloudformation:ListStackResources`, `tag:GetResources`
+  * `ec2:DescribeCapacityReservations` permission has been added to allow Amazon ECS to gather details about capacity reservations necessary to integrate with Amazon ECS Managed Instances.
+  * `ec2:RunInstances` permission has been modified to include Amazon ResourceGroups group resources for Amazon ECS to provision targeted Amazon EC2 capacity reservations.
+
+| February 24, 2026