AWS AmazonECS documentation change
Summary
Added clarification about task IAM role requirements for ECS Exec, specifying that EC2 tasks without task roles use the instance role.
Security assessment
The change documents security permission requirements for ECS Exec functionality but doesn't address a specific vulnerability. It enhances documentation about IAM role best practices for a security feature.
Diff
diff --git a/AmazonECS/latest/developerguide/ecs-exec.md b/AmazonECS/latest/developerguide/ecs-exec.md index 772859284..353e8b063 100644 --- a//AmazonECS/latest/developerguide/ecs-exec.md +++ b//AmazonECS/latest/developerguide/ecs-exec.md @@ -56,0 +57,2 @@ Consider the following when using ECS Exec: + * Your task requires a task IAM role with the required permissions for SSM Session Manager. For tasks on Amazon EC2, if no task role is configured, the instance role of the underlying Amazon EC2 instance is used instead. For more information, see [ECS Exec permissions](./task-iam-roles.html#ecs-exec-required-iam-permissions). +