Product logo
DocsBlogPricing

Permissions for @turbot/aws-ecs

Taking a look at permissions and associated grant levels for each permission for ECS:

PermissionGrant LevelHelp
ecs:CreateClusterAdmin
ecs:CreateServiceAdmin
ecs:DeleteAccountSettingAdmin
ecs:DeleteAttributesAdmin
ecs:DeleteClusterAdmin
ecs:DeleteServiceAdmin
ecs:DeregisterContainerInstanceAdmin
ecs:DeregisterTaskDefinitionAdmin
ecs:DescribeClustersMetadata
ecs:DescribeContainerInstancesMetadata
ecs:DescribeServicesMetadata
ecs:DescribeTaskDefinitionMetadata
ecs:DescribeTasksMetadata
ecs:DiscoverPollEndpointAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:ExecuteCommandAdmin
ecs:ListAccountSettingsMetadata
ecs:ListAttributesMetadata
ecs:ListClustersMetadata
ecs:ListContainerInstancesMetadata
ecs:ListServicesMetadata
ecs:ListTagsForResourceMetadata
ecs:ListTaskDefinitionFamiliesMetadata
ecs:ListTaskDefinitionsMetadata
ecs:ListTasksMetadata
ecs:PollAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:PutAccountSettingAdminThe root user has the ability to opt in or opt out any specific IAM role or user on the account.
ecs:PutAttributesAdmin
ecs:RegisterContainerInstanceAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:RegisterTaskDefinitionAdmin
ecs:RunTaskOperator
ecs:StartTaskOperator
ecs:StartTelemetrySessionAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:StopTaskOperator
ecs:SubmitContainerStateChangeAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:SubmitTaskStateChangeAdmin"This action is only used by the Amazon EC2 Container Service agent
ecs:TagResourceOperator
ecs:UntagResourceOperator
ecs:UpdateContainerAgentAdmin
ecs:UpdateContainerInstancesStateAdmin
ecs:UpdateServiceAdmin
ecs:DeregisterContainerInstanceAdminContainer instances deleted by auto scaling only have ec2:TerminateInstances event