AWS AmazonECS documentation change
Summary
Added documentation about custom task definition behavior regarding IAM roles and logging
Security assessment
Clarifies security-critical IAM role inheritance when using custom task definitions, documenting security feature behavior without addressing vulnerabilities.
Diff
diff --git a/AmazonECS/latest/developerguide/express-service-work.md b/AmazonECS/latest/developerguide/express-service-work.md index 003a2cd6f..d9e16cca1 100644 --- a//AmazonECS/latest/developerguide/express-service-work.md +++ b//AmazonECS/latest/developerguide/express-service-work.md @@ -89,0 +90,2 @@ The following defaults are set by Express Mode but can be updated in the Task De +You can also provide a custom task definition using the `taskDefinitionArn` parameter. Express Mode uses your task definition as-is, including CPU, memory, container definitions, and any additional containers or settings you define. + @@ -145,0 +148,2 @@ The following defaults are set by Express Mode but can be updated in the Task De +When you provide a custom task definition using the `taskDefinitionArn` parameter, you configure logging within the task definition. + @@ -263,0 +268,2 @@ The following IAM roles are configured by Express Mode automatically. +When you provide a custom task definition using the `taskDefinitionArn` parameter, the task execution role and task role are read from your task definition. +