- Más nuevo
- Más votos
- Más comentarios
This was resolved by ensuring that the role's policy was specifying the task's ARN with the version being a * instead of the specific version.
i.e.
BAD - Only allow latest version
Resource: !Sub
- "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}"
- TaskName: !FindInMap [Inventory, Project, Name]
GOOD - Allows specific versions to be defined
Resource: !Sub
- "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}:*"
- TaskName: !FindInMap [Inventory, Project, Name]
When this is setup correctly, you can now Edit in the UI as well with all fields being populated as expected. The auto-generated policy does not include ALL version permissions, only Latest.
Thank you for bringing this to our attention. I will track this as an issue to improve our console policies for ECS tasks.
Contenido relevante
- OFICIAL DE AWSActualizada hace 9 meses
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 3 meses