This was resolved by ensuring that the role's policy was specifying the task's ARN with the version being a * instead of the specific version.
i.e.
BAD - Only allow latest version
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}"
  - TaskName: !FindInMap [Inventory, Project, Name]
GOOD - Allows specific versions to be defined
Resource: !Sub
  - "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/${EnvironmentName}-${TaskName}:*"
  - TaskName: !FindInMap [Inventory, Project, Name]
When this is set up correctly, you can now Edit in the UI as well with all fields being populated as expected. The auto-generated policy does not include ALL version permissions, only Latest.
Thank you for bringing this to our attention. I will track this as an issue to improve our console policies for ECS tasks.
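An added example, not part of the original answer or any AWS code: a simplified Python model of IAM resource matching that shows why a pattern without `:*` does not cover revisioned task definition ARNs. The account ID, region, family name and the `ecs:RunTask` action are constructed sample values, and the matcher models only the `*` and `?` wildcards.

```python
import re

def iam_match(pattern: str, arn: str) -> bool:
    # Simplified model of IAM resource matching (assumption): '*' matches any
    # run of characters, '?' matches exactly one, everything else is literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn) is not None

def as_list(value):
    # IAM allows Statement and Resource to be a single item or a list.
    return value if isinstance(value, list) else [value]

def uncovered_arns(policy: dict, arns: list[str]) -> list[str]:
    # ARNs not matched by any Allow statement's Resource entry.
    # Action and Condition elements are deliberately ignored here.
    patterns = [res
                for stmt in as_list(policy.get("Statement", []))
                if stmt.get("Effect") == "Allow"
                for res in as_list(stmt.get("Resource", []))]
    return [arn for arn in arns
            if not any(iam_match(p, arn) for p in patterns)]

# Constructed sample values (not from the original post).
BASE = "arn:aws:ecs:us-east-1:111122223333:task-definition/prod-inventory"
REVISIONS = [f"{BASE}:1", f"{BASE}:7"]

def policy_for(resource: str) -> dict:
    # Minimal single-statement policy around one Resource pattern.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": "ecs:RunTask",
                           "Resource": resource}]}

BAD = policy_for(BASE)          # no revision suffix
GOOD = policy_for(BASE + ":*")  # any revision of this one family

if __name__ == "__main__":
    print("without ':*' leaves uncovered:", uncovered_arns(BAD, REVISIONS))
    print("with ':*' leaves uncovered:   ", uncovered_arns(GOOD, REVISIONS))
```

The `:*` suffix stays scoped to the one task family, whereas a bare trailing `*` would also match other families that share the same name prefix.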