ECS task definitions must maintain unique execution/task roles

Description

Amazon ECS task definitions should use different IAM roles for task execution and task operations to ensure proper security isolation and least-privilege access. The execution role (executionRoleArn) is assumed by the ECS container agent for container management actions such as pulling images and writing logs, while the task role (taskRoleArn) is what the application code running in the containers assumes. When a task definition uses the same IAM role for both taskRoleArn and executionRoleArn, it violates the principle of least privilege by granting the application unnecessary permissions to AWS resources that are required only for container management.

Remediation

Use separate IAM roles for taskRoleArn and executionRoleArn in your ECS task definitions. Refer to the Amazon ECS task IAM role and task execution IAM role documentation for configuration details.
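The check described above, implemented over the task definition JSON shape returned by ecs:DescribeTaskDefinition, as an added example that is not code from the original page or from AWS. It assumes the two sample task definitions (constructed) and normalizes each role ARN to (account, role name), since IAM role names are unique within an account regardless of path and are not case sensitive.

```python
"""Flag ECS task definitions that reuse one IAM role as both task and execution role.

Added example, not part of the original check page. Input is a task definition
dict in the shape ecs:DescribeTaskDefinition returns; sample data is constructed.
"""
import re

# arn:aws[-partition]:iam::<account>:role/<optional/path/><RoleName>
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):role/(?:.*/)?([\w+=,.@-]+)$")


def role_identity(arn):
    """Reduce a role ARN to (account, lowercase role name).

    Role names are unique per account regardless of path, so
    ...role/Name and ...role/some/path/Name refer to the same role.
    Unparseable ARNs fall back to the raw string so they still compare.
    """
    if not arn:
        return None
    m = ROLE_ARN.match(arn.strip())
    return (m.group(1), m.group(2).lower()) if m else ("", arn.strip())


def check_task_definition(td):
    """Return a finding with status PASS, FAIL, or NOT_APPLICABLE."""
    family = td.get("family", "<unknown>")
    task_role, exec_role = td.get("taskRoleArn"), td.get("executionRoleArn")
    if not task_role or not exec_role:
        # Only one role (or none) is set, so no permissions are shared.
        return {"family": family, "status": "NOT_APPLICABLE",
                "reason": "taskRoleArn or executionRoleArn not set"}
    if role_identity(task_role) == role_identity(exec_role):
        return {"family": family, "status": "FAIL",
                "reason": f"taskRoleArn and executionRoleArn both resolve to {task_role}"}
    return {"family": family, "status": "PASS",
            "reason": "distinct task and execution roles"}


# Constructed samples: one definition reusing a single role under two paths,
# and the corrected version with a dedicated execution role.
SHARED_ROLE_TASKDEF = {
    "family": "web-shared-role",
    "taskRoleArn": "arn:aws:iam::123456789012:role/WebAppRole",
    "executionRoleArn": "arn:aws:iam::123456789012:role/service-role/WebAppRole",
    "containerDefinitions": [{"name": "web", "image": "example/web:1.0"}],
}
SEPARATE_ROLES_TASKDEF = {
    **SHARED_ROLE_TASKDEF,
    "family": "web-separate-roles",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
}

if __name__ == "__main__":
    for td in (SHARED_ROLE_TASKDEF, SEPARATE_ROLES_TASKDEF):
        f = check_task_definition(td)
        print(f"{f['family']}: {f['status']} ({f['reason']})")
```

To run it against a live account, feed each dict from `describe_task_definition(...)["taskDefinition"]` (boto3) into `check_task_definition`.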