ECS task definitions must maintain unique execution/task roles

Description

Amazon ECS task definitions should use different IAM roles for task execution and task operations to ensure proper security isolation and least-privilege access. When a task definition uses the same IAM role for both taskRoleArn and executionRoleArn, it violates the principle of least privilege by granting the application unnecessary permissions to AWS resources required only for container management.

Remediation

Use separate IAM roles for taskRoleArn and executionRoleArn in your ECS task definitions. Refer to the Amazon ECS task IAM role and task execution IAM role documentation for configuration details.
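
One way to check task definition JSON for this condition, as an added example that is not part of the original rule or any vendor's detection logic. The sample task definitions, account ID, role names and function names are constructed for illustration, and treating a short role name as equal to an ARN ending in that name is an assumption of this example.

```python
import json

# Constructed sample input: account ID, families and role names are placeholders.
SAMPLE_TASK_DEFS = json.loads("""
[
  {"family": "web-shared",
   "taskRoleArn": "arn:aws:iam::123456789012:role/ecsSharedRole",
   "executionRoleArn": "arn:aws:iam::123456789012:role/ecsSharedRole"},
  {"family": "web-split",
   "taskRoleArn": "arn:aws:iam::123456789012:role/webAppTaskRole",
   "executionRoleArn": "arn:aws:iam::123456789012:role/webAppExecutionRole"},
  {"family": "batch-exec-only",
   "executionRoleArn": "arn:aws:iam::123456789012:role/batchExecutionRole"},
  {"taskDefinition": {"family": "api-short-name",
   "taskRoleArn": "apiRole",
   "executionRoleArn": "arn:aws:iam::123456789012:role/apiRole"}}
]
""")


def unwrap(doc):
    """Accept a bare task definition or one nested under "taskDefinition"."""
    return doc.get("taskDefinition", doc)


def role_name(ref):
    """Last path segment of a role ARN, or the value itself if it is a short name."""
    return ref.rsplit("/", 1)[-1]


def shares_role(doc):
    """True when the task role and the execution role are the same IAM role."""
    td = unwrap(doc)
    task_role, exec_role = td.get("taskRoleArn"), td.get("executionRoleArn")
    if not task_role or not exec_role:
        return False  # a single role (or none) cannot be shared
    if task_role.startswith("arn:") and exec_role.startswith("arn:"):
        return task_role == exec_role
    # Assumption of this example: a short name and an ARN ending in that
    # name refer to the same role in the same account.
    return role_name(task_role) == role_name(exec_role)


def noncompliant_families(docs):
    """Families whose task definition reuses one role for both fields."""
    return [unwrap(d).get("family") for d in docs if shares_role(d)]


if __name__ == "__main__":
    print(noncompliant_families(SAMPLE_TASK_DEFS))
```

A task definition that sets only one of the two fields is not flagged, since this rule concerns role reuse rather than a missing role.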