Create ECS Task Role

1. Go to the AWS IAM console.

2. In the left sidebar,

  • Choose Policies.
  • Click Create policy.

3. In the Policy editor section,

  • Select JSON tab.
  • Fill out the following policy. Replace <YOUR-AWS-ACCOUNT-ID> with your AWS account ID.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:us-east-1:<YOUR-AWS-ACCOUNT-ID>:secret:*"
        }
    ]
}

Scroll down to the bottom. Click Next.

4. In the Policy details section, enter ecsTaskRolePolicy for Policy name.

Scroll down to the bottom. Click Create policy.

5. In the left sidebar,

  • Choose Roles.
  • Click Create role.

6. In the Trusted entity type section, choose Custom trust policy.

In the Custom trust policy section, fill out the following policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ecs-tasks.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Scroll down to the bottom. Click Next.

7. In the Permissions policies section,

  • Filter with the value ecsTaskRolePolicy.
  • Select ecsTaskRolePolicy.
  • Click Next.

8. In the Role details section, enter ecsTaskRole for Role name.

Scroll down to the bottom. Click Create role.
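The two documents pasted in steps 3 and 6 above, generated and sanity-checked in code, as an added example that is not part of the original guide. The account ID 123456789012 is a constructed placeholder; the review function flags the guide's `secret:*` resource as covering every secret in the region, so you can see the effect of naming a single secret instead.

```python
import json
import re

REGION = "us-east-1"  # region hard-coded in the guide's permissions policy
SECRET_ACTIONS = ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue"]

def task_role_permissions_policy(account_id, secret_name="*"):
    """Step 3 policy. secret_name narrows the Resource ARN; the guide uses "*"."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account ID must be exactly 12 digits")
    arn = f"arn:aws:secretsmanager:{REGION}:{account_id}:secret:{secret_name}"
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": SECRET_ACTIONS, "Resource": arn}]}

def task_role_trust_policy():
    """Step 6 trust policy: only the ECS task service may assume the role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"Service": "ecs-tasks.amazonaws.com"},
                           "Action": "sts:AssumeRole"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_policies(permissions, trust, account_id):
    """Findings a reviewer would raise before creating the role (empty = clean)."""
    findings = []
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("trust policy lets any AWS principal assume the role")
        elif isinstance(principal, dict) and principal.get("Service") != "ecs-tasks.amazonaws.com":
            findings.append("trust policy trusts a service other than ecs-tasks.amazonaws.com")
    for stmt in permissions["Statement"]:
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt["Action"])):
            findings.append("permissions policy grants wildcard actions")
        for res in _as_list(stmt["Resource"]):
            if res == "*" or f":{account_id}:" not in res:
                findings.append(f"resource {res} is not scoped to account {account_id}")
            elif res.endswith(":secret:*"):
                findings.append("resource covers every secret in the region, not one named secret")
    return findings

if __name__ == "__main__":
    account = "123456789012"  # constructed placeholder, not a real account ID
    perms, trust = task_role_permissions_policy(account), task_role_trust_policy()
    print(json.dumps(perms, indent=4))  # paste into the Policy editor (step 3)
    print(json.dumps(trust, indent=4))  # paste into Custom trust policy (step 6)
    print(review_policies(perms, trust, account))
```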