AWS ECS (IAM)

aws compute

Amazon Elastic Container Service (ECS) is a fully managed container orchestration service for running, stopping, and managing Docker containers on a cluster.

Common permissions

ecs:ListClustersecs:ListServicesecs:DescribeServicesecs:ListTasksecs:DescribeTasksecs:RunTaskecs:CreateServiceecs:TagResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:ListClusters",
        "ecs:ListServices",
        "ecs:DescribeServices",
        "ecs:ListTasks",
        "ecs:DescribeTasks",
        "ecs:RunTask",
        "ecs:CreateService",
        "ecs:TagResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid ecs:* — grants full control including task and service deletion
Avoid ecs:RunTask unless needed — can start arbitrary tasks consuming resources

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/ecs/ecs.json ↗

API

full doc /v1/iam/ecs