AWS AmazonECS documentation change
Summary
Updated permissions documentation for AmazonECSInfrastructureRolePolicyForManagedInstances to support Capacity Reservations
Security assessment
The change documents IAM policy updates for capacity reservation integration but shows no evidence of addressing a specific vulnerability. It enhances security documentation by detailing new permissions requirements.
Diff
diff --git a/AmazonECS/latest/developerguide/document_history.md b/AmazonECS/latest/developerguide/document_history.md index 125aec74c..cd01ba5c5 100644 --- a//AmazonECS/latest/developerguide/document_history.md +++ b//AmazonECS/latest/developerguide/document_history.md @@ -10,0 +11,7 @@ Change | Description | Date +Update permissions to `AmazonECSInfrastructureRolePolicyForManagedInstances`. | The `AmazonECSInfrastructureRolePolicyForManagedInstances` policy has been updated to support Capacity Reservations on Amazon ECS Managed Instances by adding the following permissions: + + * `resource-groups:ListGroupResources` permission has been added to allow Amazon ECS to fetch a grouping of capacity reservations. To run this command, the following permissions are also required: `cloudformation:DescribeStacks`, `cloudformation:ListStackResources`, `tag:GetResources` + * `ec2:DescribeCapacityReservations` permission has been added to allow Amazon ECS to gather details about capacity reservations necessary to integrate with Amazon ECS Managed Instances. + * `ec2:RunInstances` permission has been modified to include Amazon ResourceGroups group resources for Amazon ECS to provision targeted Amazon EC2 capacity reservations. + +| February 24, 2026