ECS task definitions must maintain unique execution/task roles


Description

Amazon ECS task definitions should use different IAM roles for task execution and task operations to ensure proper security isolation and least-privilege access. When a task definition uses the same IAM role for both taskRoleArn and executionRoleArn, the application running in the container inherits permissions that are needed only for container management, which violates the principle of least privilege.

Remediation

Use separate IAM roles for taskRoleArn and executionRoleArn in your ECS task definitions. Refer to the Amazon ECS task IAM role and task execution IAM role documentation for configuration details.
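As an added example (not code from this rule or its vendor), the check below applies the rule to task definition records in the shape returned by ECS DescribeTaskDefinition and shows the remediation as a copy that keeps the task role and points executionRoleArn at a dedicated execution role. The account id, role ARNs and family names are constructed samples.

```python
# Flag ECS task definitions whose taskRoleArn and executionRoleArn name the same IAM role.
# Record shape follows the ECS DescribeTaskDefinition output; all values are constructed samples.
from typing import Dict, Iterable, List, Optional

ACCOUNT = "123456789012"  # constructed account id for the sample ARNs

SAMPLE_TASK_DEFINITIONS: List[Dict] = [
    {   # violation: one role serves both the application and the ECS container agent
        "family": "payments-api", "revision": 7,
        "taskRoleArn": f"arn:aws:iam::{ACCOUNT}:role/payments-shared-role",
        "executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/payments-shared-role",
    },
    {   # compliant: the application and the agent get distinct roles
        "family": "web-frontend", "revision": 3,
        "taskRoleArn": f"arn:aws:iam::{ACCOUNT}:role/web-frontend-task-role",
        "executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/ecsTaskExecutionRole",
    },
    {   # no task role (the container calls no AWS APIs): nothing is shared
        "family": "batch-worker", "revision": 1,
        "executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/ecsTaskExecutionRole",
    },
]

def _normalize(arn: Optional[str]) -> Optional[str]:
    """IAM role names are not distinguished by case, so compare ARNs case-insensitively."""
    return arn.strip().lower() if arn else None

def shares_role(task_def: Dict) -> bool:
    """True when taskRoleArn and executionRoleArn resolve to the same IAM role."""
    task_role = _normalize(task_def.get("taskRoleArn"))
    exec_role = _normalize(task_def.get("executionRoleArn"))
    # A missing role on either side is not a *shared* role (other checks cover missing roles).
    return task_role is not None and task_role == exec_role

def find_shared_role_task_definitions(task_defs: Iterable[Dict]) -> List[str]:
    """Return 'family:revision' for each task definition that violates the rule."""
    return [f"{td['family']}:{td['revision']}" for td in task_defs if shares_role(td)]

def with_dedicated_execution_role(task_def: Dict, execution_role_arn: str) -> Dict:
    """Remediation: keep the application's task role and point executionRoleArn at a
    dedicated execution role. Returns a modified copy; the input is left untouched."""
    fixed = dict(task_def)
    fixed["executionRoleArn"] = execution_role_arn
    return fixed
```

Feed the output of `aws ecs describe-task-definition` (one record per active revision) to `find_shared_role_task_definitions` to audit a real account.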