awslabs / aws-saas-boost

AWS SaaS Boost is a ready-to-use toolset that removes the complexity of successfully running SaaS workloads in the AWS cloud.
Apache License 2.0

Support enabling ECS Exec for individual services at creation time. #493

Closed PoeppingT closed 1 year ago

PoeppingT commented 1 year ago

This commit adds support for the ECS Exec feature of ECS. Enabling ECS Exec in the Admin UI for a given service will create the ECS Service with the ExecuteCommand option and allowed permissions for ExecuteCommand, which will let admins run commands on tenant service containers for debugging purposes. Those permissions are also explicitly denied for services where ECS Exec is not enabled.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

PoeppingT commented 1 year ago

I don't think it will, but we should make sure that the updated IAM policy doesn't break SSM Session Manager connections (connect through the AWS Console without a key pair) to the underlying EC2 host.

Confirmed that with ECS Exec enabled I can connect to a running EC2 instance using the Session Manager connect option.
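The allow/explicit-deny split described in the pull request can be checked offline against task-role policy documents. The following is an added example, not part of the PR or the SaaS Boost code. It assumes the permissions in question are the four `ssmmessages` actions AWS documents as required on the task role for ECS Exec; the policies, service names and the `decision`/`audit` helpers are constructed for illustration.

```python
# Added example: constructed task-role policies, not taken from the SaaS Boost templates.
from fnmatch import fnmatchcase

# Actions AWS documents as required on the task role for ECS Exec.
ECS_EXEC_ACTIONS = (
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def decision(policy, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action.
    Simplified: Resource, Condition and NotAction are not evaluated."""
    result = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase(action.lower(), p) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always overrides an allow
            result = "Allow"
    return result

def audit(service_name, exec_enabled, task_role_policy):
    """List mismatches between a service's ECS Exec flag and its task-role policy."""
    want = "Allow" if exec_enabled else "Deny"
    findings = []
    for action in ECS_EXEC_ACTIONS:
        got = decision(task_role_policy, action)
        if got != want:
            findings.append(f"{service_name}: {action} is {got}, expected {want}")
    return findings

# Constructed sample policies (hypothetical services svc-a, svc-b, svc-c).
EXEC_ON = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(ECS_EXEC_ACTIONS), "Resource": "*"}]}
EXEC_OFF = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "ssmmessages:*", "Resource": "*"}]}
DRIFTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssmmessages:Open*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, enabled, pol in [("svc-a", True, EXEC_ON), ("svc-b", False, EXEC_OFF),
                               ("svc-c", False, DRIFTED)]:
        print(name, audit(name, enabled, pol) or "ok")
```

A service with ECS Exec disabled is flagged both when an action is allowed and when it is only implicitly denied, since the description calls for an explicit deny.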