Yet another CI/CD pipeline for containerized API application to AWS! > Preparation > Create IAM Roles > Create ECS Task Role

Create ECS Task Role

1. Go to AWS IAM console.

2. In the left sidebar,

Choose Policies.
Click Create policy.

0001

3. In Policy editor section,

Select JSON tab.
Fill out the following policy. Replace <YOUR-AWS-ACCOUNT-ID> with yours.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:us-east-1:<YOUR-AWS-ACCOUNT-ID>:secret:*"
        }
    ]
}

0002

4. Scroll down to the bottom. Click Next.

0003

5. In Policy details section, enter ecsTaskRolePolicy for Policy name.

0004

6. Scroll down to the bottom, click Create policy.

0005

7. Back to AWS IAM console.

8. In the left sidebar,

Choose Roles.
Click Create role.

0006

9. In Trusted entity type section, choose Custom trust policy.

0007

10. In Custom trust policy section, fill out the following policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ecs-tasks.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

0008

11. Scroll down to the bottom, click Next.

0009

12. In the Permissions policies section,

Filter with the value ecsTaskRolePolicy.
Select ecsTaskRolePolicy.
Click Next.

00010

13. In Role details section, enter ecsTaskRole for Role name.

00011

14. Scroll down to the bottom. Click Create role.

00012