simple-machines / ansible-aws-infra-services

Manage your AWS infrastructure and ECS tasks with two separate ansible playbooks
Apache License 2.0

Document IAM policy for EC2 instances (minimum role) #26

Open simplesteph opened 7 years ago

simplesteph commented 7 years ago

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html

thsutton commented 7 years ago

Also probably relevant:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/check-service-role.html

thsutton commented 7 years ago

And I believe I had to add the following to the ecsServiceRole to have ECS tasks self-register properly with ELB:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe*",
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:Describe*",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets"
      ],
      "Resource": "*"
    }
  ]
}

simplesteph commented 7 years ago

Yes and yes. We're actually using IAM roles for ECS tasks and that works well. We need to move that kind of documentation to a Wiki.
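Since the issue asks for a minimum role, the ecsServiceRole statement posted above can be checked mechanically for wildcard actions and for mutating actions granted on every resource. This is an added example, not part of the thread or the project's code; the `audit` function, the finding names and the read-only prefix list are assumptions of the example.

```python
import json

# The statement posted in the thread above, reproduced as a JSON string.
POSTED_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": [
     "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*",
     "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
     "elasticloadbalancing:DeregisterTargets",
     "elasticloadbalancing:Describe*",
     "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
     "elasticloadbalancing:RegisterTargets"],
   "Resource": "*"}]}
"""

# Assumption of this example: these name prefixes mark read-only actions.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return sorted (finding, action) pairs for every Allow statement."""
    findings = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]
            if "*" in name:
                findings.add(("wildcard-action", action))
            if unscoped and not name.startswith(READ_ONLY_PREFIXES):
                findings.add(("write-on-all-resources", action))
    return sorted(findings)


if __name__ == "__main__":
    for finding, action in audit(json.loads(POSTED_POLICY)):
        print(f"{finding:24} {action}")
```

Each finding is a prompt for review rather than a verdict: some actions cannot be scoped to a resource ARN, so a `"Resource": "*"` entry may be required for them while others in the same statement could be narrowed.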