Amazon ECS – IAM Roles for ECS

EC2 Instance Profile (EC2 Launch Type only)

  • Attached to the EC2 container instances so the ECS agent running on the host can:
    • Register the instance with the cluster and communicate with the ECS control plane
    • Send container logs to CloudWatch Logs
    • Pull images from Amazon ECR
    • Retrieve secrets from Secrets Manager or SSM Parameter Store and inject them into containers at start-up
  • On Fargate there is no instance to attach a profile to, so these agent-side permissions are granted through the separate task execution role (executionRoleArn in the task definition). The execution role can also be used on EC2, which keeps the instance profile minimal.

ECS Task Role

  • Assigned per ECS task via the taskRoleArn field of the task definition; every container in the task receives short-lived credentials for that role through the container credentials endpoint served by the ECS agent, not through the instance profile.
  • Provides fine-grained permissions so different tasks on the same cluster can access different AWS resources.
  • Example: Task A can write to S3, Task B can read from DynamoDB; neither role should grant wildcard actions or resources.
  • The role's trust policy should allow only the ecs-tasks.amazonaws.com service principal, ideally scoped with aws:SourceAccount / aws:SourceArn so a task in another account cannot assume it.
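The following is an added example, not code from the original notes or from AWS: it builds the IAM documents for the Task A / Task B split described above and a minimal task definition that wires a task role and an execution role together, then runs a small least-privilege check over the policies. The account ID, region, bucket name, table name and role ARNs are placeholders; in practice the returned dicts would be passed to iam:CreateRole, iam:PutRolePolicy and ecs:RegisterTaskDefinition.

```python
"""Least-privilege IAM documents for two ECS tasks (constructed example)."""
import json

# Placeholders, not real identifiers.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
EXEC_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/ecsTaskExecutionRole"


def task_role_trust_policy(account_id: str, region: str) -> dict:
    """Trust policy for a task role.

    Only the ECS tasks service principal may assume it, and the
    aws:SourceAccount / aws:SourceArn conditions stop ECS acting on behalf
    of a task in another account (confused-deputy guard).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ecs-tasks.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": f"arn:aws:ecs:{region}:{account_id}:*"},
            },
        }],
    }


def s3_write_policy(bucket: str) -> dict:
    """Task A: may only write objects into one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def dynamodb_read_policy(table_arn: str) -> dict:
    """Task B: may only read one table."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query"],
            "Resource": table_arn,
        }],
    }


def task_definition(family: str, image: str, task_role_arn: str, exec_role_arn: str) -> dict:
    """Minimal EC2 task definition.

    taskRoleArn is what the application code inside the container gets;
    executionRoleArn is what the ECS agent uses to pull the image and
    fetch secrets on the task's behalf.
    """
    return {
        "family": family,
        "networkMode": "awsvpc",
        "requiresCompatibilities": ["EC2"],
        "cpu": "256",
        "memory": "512",
        "taskRoleArn": task_role_arn,
        "executionRoleArn": exec_role_arn,
        "containerDefinitions": [{"name": "app", "image": image, "essential": True}],
    }


def overly_broad_statements(policy: dict) -> list:
    """Return Allow statements that use a wildcard action ('*' or 'svc:*') or resource."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            hits.append(stmt)
    return hits


def build_deployment() -> dict:
    """Assemble one role + task definition per task family (placeholder names)."""
    table_arn = f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/orders"
    image = f"{ACCOUNT_ID}.dkr.ecr.{REGION}.amazonaws.com/app:1"
    tasks = {"task-a": s3_write_policy("example-uploads"), "task-b": dynamodb_read_policy(table_arn)}
    out = {}
    for family, policy in tasks.items():
        role_arn = f"arn:aws:iam::{ACCOUNT_ID}:role/{family}"
        out[family] = {
            "trust": task_role_trust_policy(ACCOUNT_ID, REGION),
            "policy": policy,
            "task_definition": task_definition(family, image, role_arn, EXEC_ROLE_ARN),
            "too_broad": overly_broad_statements(policy),
        }
    return out


if __name__ == "__main__":
    print(json.dumps(build_deployment(), indent=2))
```

The check in overly_broad_statements is deliberately simple (it flags `*`, `svc:*` and `Resource: "*"`); it is a guard rail for reviewing task role policies before they are created, not a substitute for IAM Access Analyzer.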

Key Point

  • The instance profile is for the ECS agent and container instance operations.
  • The task role is for the application running inside the container.
  • This separation enforces least privilege and isolates tasks from each other: a compromised container only holds the credentials of its own task role, not those of the host or of other tasks.
  • On the EC2 launch type the separation only holds if containers cannot reach the instance metadata service (169.254.169.254), otherwise any container can read the instance profile credentials. Set ECS_AWSVPC_BLOCK_IMDS=true in the agent configuration for awsvpc tasks and block IMDS from the container bridge with iptables for bridge-mode tasks, as the ECS documentation recommends.