This was resolved by ensuring that the role's policy was specifying the task's ARN with the version being a * instead of the specific version.
i.e.
BAD - Only allow latest version

```yaml
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}"
  - TaskName: !FindInMap [Inventory, Project, Name]
```

GOOD - Allows specific versions to be defined

```yaml
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}:*"
  - TaskName: !FindInMap [Inventory, Project, Name]
```
When this is set up correctly, you can now Edit in the UI as well with all fields being populated as expected. The auto-generated policy does not include ALL version permissions, only Latest.
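The difference between the two `Resource` values above can be checked before deployment. The following is an added example, not code from the original post or from AWS: it lints a policy document for task-definition ARNs that carry no revision part and shows which registered revisions each pattern covers. It assumes a simplified model of IAM wildcard matching (`*` and `?` as plain string globs); the account ID, region, family name and `ecs:RunTask` statement are constructed sample values.

```python
import re

def iam_pattern_matches(pattern: str, arn: str) -> bool:
    """Simplified model of IAM Resource matching (assumption): '*' matches
    any run of characters, '?' exactly one, everything else is literal."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None

# Captures whatever follows "task-definition/" in an ECS ARN.
TASK_DEF = re.compile(r"^arn:[^:]*:ecs:[^:]*:[^:]*:task-definition/(?P<rest>.+)$")

def unversioned_task_definition_resources(policy: dict) -> list[str]:
    """Return task-definition Resource entries with no ':revision' part
    and no trailing wildcard, i.e. patterns that cannot match a revision."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # single-statement form
        statements = [statements]
    for stmt in statements:
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):        # single-resource form
            resources = [resources]
        for res in resources:
            m = TASK_DEF.match(res)
            if m and ":" not in m.group("rest") and not m.group("rest").endswith("*"):
                findings.append(res)
    return findings

def covered(pattern: str, arns: list[str]) -> list[str]:
    """Registered ARNs that a policy Resource pattern matches."""
    return [a for a in arns if iam_pattern_matches(pattern, a)]

# Constructed sample data: one family with three revisions, plus a
# similarly named family that the role should not be able to reach.
BASE = "arn:aws:ecs:us-east-1:111122223333:task-definition/prod-inventory"
REGISTERED = [f"{BASE}:1", f"{BASE}:2", f"{BASE}:3"]
OTHER_FAMILY = f"{BASE}-admin:1"

SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ecs:RunTask", "Resource": BASE}],
}

if __name__ == "__main__":
    print("flagged:", unversioned_task_definition_resources(SAMPLE_POLICY))
    print("unversioned pattern covers:", covered(BASE, REGISTERED))
    print("':*' pattern covers:", covered(BASE + ":*", REGISTERED))
```

Because the `:*` suffix sits after the full family name, the pattern stays scoped to that one family and does not reach `prod-inventory-admin`.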
Thank you for bringing this to our attention. I will track this as an issue to improve our console policies for ECS tasks.