AWS AmazonECS documentation change
Summary
Added IAM read permissions for security analysis and example security assessment prompts
Security assessment
Added IAM permissions enable security posture analysis but don't fix vulnerabilities. New examples demonstrate security configuration checks, documenting security best practices without addressing specific issues.
Diff
diff --git a/AmazonECS/latest/developerguide/ecs-mcp-getting-started.md b/AmazonECS/latest/developerguide/ecs-mcp-getting-started.md index 30beed952..e6c4f4e7c 100644 --- a//AmazonECS/latest/developerguide/ecs-mcp-getting-started.md +++ b//AmazonECS/latest/developerguide/ecs-mcp-getting-started.md @@ -160,0 +161,13 @@ Alternatively, you can create and attach a single custom JSON policy that includ + }, + { + "Sid": "IAMReadOnlyAccessForSecurityAnalysis", + "Effect": "Allow", + "Action": [ + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:ListRolePolicies", + "iam:GetRolePolicy" + ], + "Resource": "*" @@ -280,0 +294,7 @@ You should see a list of your Amazon ECS clusters. +**Example 5: Assess security posture** + + + Are there any security issues with my production cluster? + Analyze IAM roles and policies for my web-service + Check for overly permissive security groups in my ECS cluster +