This was resolved by ensuring that the role's policy was specifying the task's ARN with the version being a * instead of the specific version.
i.e.
BAD - Only allow latest version
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}"
  - TaskName: !FindInMap [Inventory, Project, Name]
GOOD - Allows specific versions to be defined
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}:*"
  - TaskName: !FindInMap [Inventory, Project, Name]
When this is set up correctly, you can now Edit in the UI as well, with all fields being populated as expected. The auto-generated policy does not include ALL version permissions, only Latest.
Thank you for bringing this to our attention. I will track this as an issue to improve our console policies for ECS tasks.
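The following is an added example, not code from the thread or from AWS. It models IAM's wildcard matching of a policy `Resource` against revisioned task-definition ARNs, showing why the unversioned ARN matches nothing, why `:*` covers every revision of one family, and why a bare trailing `*` would also cover sibling families. The account ID, region and family names are constructed placeholders.

```python
import re

# Constructed sample values: account ID, region and family names are placeholders.
BASE = "arn:aws:ecs:us-east-1:111122223333:task-definition/prod-inventory"

# ARNs as they appear in requests: a task definition is always addressed
# with a revision suffix (family:revision).
REQUESTED = [
    BASE + ":1",
    BASE + ":42",
    BASE + "-admin:3",   # a different family that shares the same prefix
]


def iam_match(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    parts = re.split(r"([*?])", pattern)
    regex = "".join(
        ".*" if p == "*" else "." if p == "?" else re.escape(p) for p in parts
    )
    return re.fullmatch(regex, arn) is not None


def audit(pattern, requested=REQUESTED):
    """Split the requested ARNs into those the Resource pattern covers and those it does not."""
    allowed = [a for a in requested if iam_match(pattern, a)]
    denied = [a for a in requested if a not in allowed]
    return {"pattern": pattern, "allowed": allowed, "denied": denied}


if __name__ == "__main__":
    for label, pattern in [
        ("no revision", BASE),         # the BAD form from the answer
        ("':*' suffix", BASE + ":*"),  # the GOOD form from the answer
        ("bare '*'", BASE + "*"),      # broader than intended
    ]:
        result = audit(pattern)
        print(label)
        print("  allowed:", result["allowed"])
        print("  denied: ", result["denied"])
```

Keeping the colon before the wildcard scopes the grant to revisions of the one family, which matters when other task definitions share the same name prefix.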