What is the difference between ECS's Container instance IAM role and Task execution role? (I know the task role concept but am confused between the Container instance IAM role and the Task execution role.) Thanks in advance.
CodePudding user response:
Container Instance IAM Role: The role assigned to the EC2 instance that your ECS tasks will be deployed to. This role is not used if you are deploying to Fargate. The description of this role is:
Amazon ECS attaches this policy to a service role that allows Amazon ECS to perform actions on your behalf against Amazon EC2 instances or external instances.
This role is used by the EC2 instances to register/join the ECS cluster.
Task execution role: Used by the ECS service to do things like pull the image from ECR and send container logs to CloudWatch.
Task role: This role is optional. It is the role your application code running in the ECS task container can assume to make AWS API calls.
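Added example, not part of the answer above: a small check of how the three roles are wired, based on who is allowed to assume each one. It assumes the usual trust principals (`ec2.amazonaws.com` for the container instance role, `ecs-tasks.amazonaws.com` for the task execution and task roles); the role ARNs, account ID and helper names are constructed for illustration.

```python
EC2, ECS_TASKS = "ec2.amazonaws.com", "ecs-tasks.amazonaws.com"

def trusted_services(role):
    """Service principals allowed to assume the role (from its trust policy)."""
    services = set()
    for stmt in role["AssumeRolePolicyDocument"]["Statement"]:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        svc = principal.get("Service", [])
        services.update([svc] if isinstance(svc, str) else svc)
    return services

def audit(task_def, roles, instance_role_arn=None):
    """Return findings about how the three ECS roles are wired together."""
    findings = []
    exec_arn, task_arn = task_def.get("executionRoleArn"), task_def.get("taskRoleArn")
    for field, arn in (("executionRoleArn", exec_arn), ("taskRoleArn", task_arn)):
        if arn and ECS_TASKS not in trusted_services(roles[arn]):
            findings.append(f"{field} cannot be assumed by {ECS_TASKS}")
    if exec_arn and exec_arn == task_arn:
        # Application code would inherit image-pull and log-write permissions.
        findings.append("executionRoleArn and taskRoleArn are the same role")
    if instance_role_arn:  # EC2 launch type only; Fargate has no instance role
        if EC2 not in trusted_services(roles[instance_role_arn]):
            findings.append(f"container instance role cannot be assumed by {EC2}")
        if instance_role_arn in (exec_arn, task_arn):
            findings.append("container instance role reused in the task definition")
    return findings

def _role(service):  # constructed sample role, not a real account resource
    return {"AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Principal": {"Service": service},
         "Action": "sts:AssumeRole"}]}}

ARN = "arn:aws:iam::111122223333:role/"  # constructed placeholder account
ROLES = {ARN + "instance": _role(EC2), ARN + "exec": _role(ECS_TASKS),
         ARN + "app": _role(ECS_TASKS)}
GOOD = {"executionRoleArn": ARN + "exec", "taskRoleArn": ARN + "app"}
BAD = {"executionRoleArn": ARN + "instance", "taskRoleArn": ARN + "instance"}

if __name__ == "__main__":
    print(audit(GOOD, ROLES, ARN + "instance"))
    print(audit(BAD, ROLES, ARN + "instance"))
```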