AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-07-04 · Documentation low

File: AmazonECS/latest/developerguide/express-service-work.md

Summary

Added documentation about custom task definition behavior regarding IAM roles and logging

Security assessment

Clarifies security-critical IAM role inheritance when using custom task definitions, documenting security feature behavior without addressing vulnerabilities.

Diff

diff --git a/AmazonECS/latest/developerguide/express-service-work.md b/AmazonECS/latest/developerguide/express-service-work.md
index 003a2cd6f..d9e16cca1 100644
--- a//AmazonECS/latest/developerguide/express-service-work.md
+++ b//AmazonECS/latest/developerguide/express-service-work.md
@@ -89,0 +90,2 @@ The following defaults are set by Express Mode but can be updated in the Task De
+You can also provide a custom task definition using the `taskDefinitionArn` parameter. Express Mode uses your task definition as-is, including CPU, memory, container definitions, and any additional containers or settings you define.
+
@@ -145,0 +148,2 @@ The following defaults are set by Express Mode but can be updated in the Task De
+When you provide a custom task definition using the `taskDefinitionArn` parameter, you configure logging within the task definition.
+
@@ -263,0 +268,2 @@ The following IAM roles are configured by Express Mode automatically.
+When you provide a custom task definition using the `taskDefinitionArn` parameter, the task execution role and task role are read from your task definition.
+