4

I'm looking for an example of how to assume a role from within a running application within ECS.

I have a role set up, and I've added the roleARN to the task definition, using the setup here: https://docs.aws.amazon.com/en_us/AmazonECS/latest/developerguide/task-iam-roles.html

Can I then assume the role from the application logic as usual? Or is there something special required?

I have this setup working, but with an IAM user which has a Secret Key and Access Key used as credentials within my application. Would switching this auth to the assume role be possible with the setup above?

fuzzi

1 Answer

5

The AWS SDK and CLI will automatically handle using the credentials from the assigned IAM task role.

Note that when you specify an IAM role for a task, the AWS CLI or other SDKs in the containers for that task use the AWS credentials provided by the task role exclusively and they no longer inherit any IAM permissions from the container instance.

  • Suppose I have added a taskRole to access my S3 buckets and the EC2 instance IAM role has access to a DynamoDB table along with the mandate "AmazonEC2ContainerServiceforEC2Role". Will I be able to access both of these services, or does the taskRole override the permissions from the EC2 IAM role? – Kishor Unnikrishnan Apr 20 '23 at 07:42
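
What "automatically" means when moving from IAM user keys to a task role, as an added example that is not part of the original question or answer: ECS sets `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` in the container and serves temporary credentials at `169.254.170.2`, but static keys left in the environment are consulted first and would shadow the task role. The function names, the simplified two-step model of the SDK credential chain, and the sample response are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Link-local address of the ECS task credentials endpoint inside a container.
ECS_CREDS_HOST = "http://169.254.170.2"

# Constructed sample of the JSON the endpoint returns (values are placeholders).
SAMPLE_RESPONSE = json.dumps({
    "RoleArn": "arn:aws:iam::123456789012:role/example-task-role",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-not-real",
    "Token": "constructed-session-token",
    "Expiration": "2024-01-01T18:00:00Z",
})

def credential_source(env):
    """Predict which source the SDK default chain uses (simplified model)."""
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        # Leftover IAM user keys win over the task role: remove them
        # from the task definition and image when migrating.
        return "static-env-keys"
    if env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"):
        return "ecs-task-role"
    return "other"

def task_role_url(env):
    """URL the SDK fetches task role credentials from."""
    return ECS_CREDS_HOST + env["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]

def summarize_task_credentials(body, now):
    """Report role and remaining lifetime without exposing the secrets."""
    doc = json.loads(body)
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return {
        "role_arn": doc["RoleArn"],
        "temporary": bool(doc.get("Token")),  # task role creds carry a session token
        "seconds_left": int((expires - now).total_seconds()),
    }

if __name__ == "__main__":
    import os
    print("credential source:", credential_source(os.environ))
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(summarize_task_credentials(SAMPLE_RESPONSE, now))
```

Run inside the container, the first line of output shows whether the task role is actually the source in use; the SDK refreshes the temporary credentials itself before `Expiration`.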