
[ECS][Request]: create IAM Managed Policy for ECS Exec

Open colinbjohnson opened this issue 3 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

I would like the ECS Policy defined on the page Using Amazon ECS Exec for debugging to be available as an IAM Managed Policy.

The policy is below as well for reference:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}

Which service(s) is this request for? ECS, ECS Fargate

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

The problem I'm trying to solve is consistency and versioned updates across all AWS customers. While this is a small amount of effort for AWS to implement, in the AWS customer ecosystem this is a considerable amount of effort and a potential source of errors.

Are you currently working around this issue?

We are creating/managing this policy within an AWS CloudFormation template.

Additional context

I (personally) feel like AWS should have a majority of permission snippets available as IAM Managed Policies or somehow use the service property enable-exec to enable the required permission behind the scenes.

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

colinbjohnson, Mar 02 '22 05:03
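A check for the error risk the issue describes when every team maintains its own copy of this policy, added here as an example and not code from the issue or from AWS: it reports which of the four ssmmessages actions a policy document fails to allow. The function name, the simplified evaluation rules and the DRIFTED sample are assumptions made for this illustration.

```python
from fnmatch import fnmatchcase

# The four actions from the policy quoted in the issue.
ECS_EXEC_ACTIONS = [
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
]


def _as_list(value):
    """IAM accepts a bare string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    """IAM action names are case-insensitive; '*' and '?' are wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_ecs_exec_actions(policy):
    """Return the ECS Exec actions this policy document does not allow.

    Assumption (simplified evaluation): an Allow counts only with
    "Resource": "*" and no Condition; NotAction/NotResource are ignored.
    Any Deny naming an action counts against it (explicit Deny wins).
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        patterns = _as_list(stmt.get("Action"))
        hits = {a for a in ECS_EXEC_ACTIONS if _matches(a, patterns)}
        if stmt.get("Effect") == "Deny":
            denied |= hits
        elif (stmt.get("Effect") == "Allow"
              and "*" in _as_list(stmt.get("Resource"))
              and "Condition" not in stmt):
            allowed |= hits
    return [a for a in ECS_EXEC_ACTIONS if a not in allowed - denied]


# Constructed sample: a hand-maintained copy that drifted and lost one action.
DRIFTED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["ssmmessages:Create*", "ssmmessages:OpenDataChannel"],
    "Resource": "*"}}
print(missing_ecs_exec_actions(DRIFTED))
```

Run it over the policy documents attached to each task role (for example in CI against the rendered CloudFormation template) and fail the build on a non-empty result.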

I think this one is covered by AmazonSSMManagedInstanceCore

ixti, Apr 16 '24 12:04