AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-05-07 · Documentation medium

File: AmazonECS/latest/developerguide/ecs-exec.md

Summary

Added clarification about task IAM role requirements for ECS Exec, specifying that EC2 tasks without task roles use the instance role.

Security assessment

The change documents security permission requirements for ECS Exec functionality but doesn't address a specific vulnerability. It enhances documentation about IAM role best practices for a security feature.

Diff

diff --git a/AmazonECS/latest/developerguide/ecs-exec.md b/AmazonECS/latest/developerguide/ecs-exec.md
index 772859284..353e8b063 100644
--- a//AmazonECS/latest/developerguide/ecs-exec.md
+++ b//AmazonECS/latest/developerguide/ecs-exec.md
@@ -56,0 +57,2 @@ Consider the following when using ECS Exec:
+    * Your task requires a task IAM role with the required permissions for SSM Session Manager. For tasks on Amazon EC2, if no task role is configured, the instance role of the underlying Amazon EC2 instance is used instead. For more information, see [ECS Exec permissions](./task-iam-roles.html#ecs-exec-required-iam-permissions).
+