1 Answer
2
It's job role. The Job role configuration field in the UI has this blurb: "You can optionally specify an IAM role that provides the container in your job with permissions to use the AWS APIs. This feature uses Amazon ECS IAM roles for tasks functionality." That is what you want to use if you want to grant the process in your container access to, say, S3 (or any other AWS service).
The job execution role is assigned to the low-level agent and it enables it to pull the container image from ECR, it enables it to read from Secrets Manager and pass the secrets to the containers as variables, and a few other low-level infra things.
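
The split described in the answer above, as an added example that is not part of the original answer: a Batch job definition request body that sets both roles, each with a narrowly scoped policy, plus a small review check for permissions attached to the wrong role. The account id, region, role, bucket, secret and image names are constructed placeholders, and the prefix list used by the check is a heuristic assumption.

```python
# Constructed placeholders throughout: account id, region, role, bucket, secret, image.
ACCT, REGION = "111122223333", "us-east-1"
JOB_ROLE = f"arn:aws:iam::{ACCT}:role/example-batch-job-role"
EXEC_ROLE = f"arn:aws:iam::{ACCT}:role/example-batch-execution-role"
SECRET = f"arn:aws:secretsmanager:{REGION}:{ACCT}:secret:example/db-password"

# Job role: permissions for the process inside the container (here, one S3 prefix).
JOB_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/jobs/*"}]}

# Execution role: permissions for the agent (pull from ECR, read the secret, write logs).
EXEC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                "logs:CreateLogStream", "logs:PutLogEvents"]},
    {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"], "Resource": SECRET}]}

def job_definition(name):
    """Request body for Batch RegisterJobDefinition with both roles set."""
    return {"jobDefinitionName": name, "type": "container", "containerProperties": {
        "image": f"{ACCT}.dkr.ecr.{REGION}.amazonaws.com/example-app:latest",
        "command": ["python", "process.py"],
        "jobRoleArn": JOB_ROLE,         # credentials seen by the application code
        "executionRoleArn": EXEC_ROLE,  # credentials used by the agent
        "secrets": [{"name": "DB_PASSWORD", "valueFrom": SECRET}],
        "resourceRequirements": [{"type": "VCPU", "value": "1"},
                                 {"type": "MEMORY", "value": "2048"}]}}

# Heuristic (an assumption): service prefixes the agent typically needs.
AGENT_PREFIXES = ("ecr:", "logs:", "secretsmanager:", "ssm:", "kms:")

def actions(policy):
    """Flatten every allowed action in a policy document into one list."""
    out = []
    for st in policy["Statement"]:
        if st.get("Effect") == "Allow":
            acts = st["Action"]
            out += [acts] if isinstance(acts, str) else acts
    return out

def misplaced(job_policy, exec_policy):
    """Return (image-pull actions on the job role, application actions on the execution role)."""
    on_job = [a for a in actions(job_policy) if a.startswith("ecr:")]
    on_exec = [a for a in actions(exec_policy) if not a.startswith(AGENT_PREFIXES)]
    return on_job, on_exec
```
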