ECS task definitions must maintain unique execution/task roles


Description

Amazon ECS task definitions should use different IAM roles for task execution and task operations to ensure proper security isolation and least-privilege access. The execution role is assumed by the ECS container agent to start the task (for example, to pull container images or write logs), while the task role is what the application code itself assumes. When a task definition uses the same IAM role for both taskRoleArn and executionRoleArn, it violates the principle of least privilege by granting the application unnecessary permissions to AWS resources that are required only for container management.

Remediation

Use separate IAM roles for taskRoleArn and executionRoleArn in your ECS task definitions. Refer to the Amazon ECS task IAM role and task execution IAM role documentation for configuration details.
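As an added illustration, not part of this rule page, the following Python check flags task definitions whose taskRoleArn and executionRoleArn point at the same role. The weak and corrected task definitions are constructed samples; the account ID and role names are placeholders.

```python
import json

# Constructed sample ARNs (placeholders, not from the original page).
SHARED_ROLE = "arn:aws:iam::123456789012:role/ecs-shared-role"
TASK_ROLE = "arn:aws:iam::123456789012:role/app-task-role"
EXEC_ROLE = "arn:aws:iam::123456789012:role/ecs-task-execution-role"

# Weak: one role serves both the ECS agent and the application code.
WEAK_TASK_DEF = json.dumps({
    "family": "web",
    "taskRoleArn": SHARED_ROLE,
    "executionRoleArn": SHARED_ROLE,
    "containerDefinitions": [{"name": "web", "image": "example/web:1.0"}],
})

# Corrected: the agent and the application each get their own role.
FIXED_TASK_DEF = json.dumps({
    "family": "web",
    "taskRoleArn": TASK_ROLE,
    "executionRoleArn": EXEC_ROLE,
    "containerDefinitions": [{"name": "web", "image": "example/web:1.0"}],
})


def shares_roles(task_def_json: str) -> bool:
    """Return True when taskRoleArn and executionRoleArn name the same role.

    Accepts either a bare task definition or the wrapped form returned by
    `aws ecs describe-task-definition` ({"taskDefinition": {...}}).
    Both fields are optional in ECS, so a missing value never counts as a match.
    """
    td = json.loads(task_def_json)
    td = td.get("taskDefinition", td)
    task_role = (td.get("taskRoleArn") or "").strip()
    exec_role = (td.get("executionRoleArn") or "").strip()
    if not task_role or not exec_role:
        return False
    return task_role == exec_role


def findings(task_defs: dict) -> list:
    """Audit a mapping of family name -> task definition JSON; return offending families."""
    return [family for family, td in task_defs.items() if shares_roles(td)]


if __name__ == "__main__":
    for family in findings({"web-weak": WEAK_TASK_DEF, "web-fixed": FIXED_TASK_DEF}):
        print(f"{family}: taskRoleArn and executionRoleArn are the same role")
```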