AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-05-22 · Documentation medium

File: AmazonECS/latest/developerguide/security-iam-roles.md

Summary

Enhanced IMDS security recommendation with specific risks and credential exposure details.

Security assessment

Strengthened security guidance by specifying that blocking IMDS prevents access to 'sensitive instance-level data' and 'instance profile credentials', improving documentation of security best practices.

Diff

diff --git a/AmazonECS/latest/developerguide/security-iam-roles.md b/AmazonECS/latest/developerguide/security-iam-roles.md
index 09e799957..5f77ba1d2 100644
--- a//AmazonECS/latest/developerguide/security-iam-roles.md
+++ b//AmazonECS/latest/developerguide/security-iam-roles.md
@@ -137 +137 @@ We recommend that you do the following when setting up your task IAM roles and p
-When you run your tasks on Amazon EC2 instances, we strongly recommend that you block access to Amazon EC2 metadata to prevent your containers from inheriting the role assigned to those instances. If your applications have to call an AWS API action, use IAM roles for tasks instead.
+When you run your tasks on Amazon EC2 instances, we strongly recommend that you block container access to the Amazon EC2 Instance Metadata Service (IMDS) to prevent your containers from accessing sensitive instance-level data, including the instance profile credentials of the instance. If your applications have to call an AWS API action, use IAM roles for tasks instead.