IAM

# Permissions policy: SSM message channels, ECR, CloudTrail LookupEvents and CloudWatch Logs.
cat << EOF > ecs_task_execution_role_policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:*",
                "cloudtrail:LookupEvents"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
EOF
aws iam create-policy --policy-name EcsTaskExecutionRolePolicy --policy-document file://ecs_task_execution_role_policy.json
# Trust policy: lets the ECS tasks service (ecs-tasks.amazonaws.com) assume the role.
cat << EOF > ecs_task_execution_role_assume_role_policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "ecs-tasks.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOF
aws iam create-role --role-name EcsTaskExecutionRole --assume-role-policy-document file://ecs_task_execution_role_assume_role_policy.json
aws iam attach-role-policy --role-name EcsTaskExecutionRole --policy-arn arn:aws:iam::362708816803:policy/EcsTaskExecutionRolePolicy
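A least-privilege check on the permissions policy above, as an added example that is not part of the original page: it flags wildcard actions and explicit actions that an unconditional `Allow` on `Resource: "*"` already grants through a wildcard. The names `audit` and `as_list` are hypothetical, and the policy is copied inline so the script runs offline.

```python
from fnmatch import fnmatchcase

# Permissions policy copied from this page (EcsTaskExecutionRolePolicy).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
            "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel"]},
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ecr:*", "cloudtrail:LookupEvents"]},
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
            "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
            "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]},
    ],
}

def as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (wildcards, shadowed): wildcard actions, and explicit actions that an
    unconditional Allow on Resource "*" in another statement already grants."""
    statements = as_list(policy["Statement"])
    wildcards, shadowed = [], []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                wildcards.append((i, action))
                continue
            for j, other in enumerate(statements):
                if j == i or other.get("Effect") != "Allow" or "Condition" in other:
                    continue
                if "*" not in as_list(other.get("Resource", [])):
                    continue
                for pattern in as_list(other.get("Action", [])):
                    # IAM action names match case-insensitively.
                    if "*" in pattern and fnmatchcase(action.lower(), pattern.lower()):
                        shadowed.append((i, action, j, pattern))
    return wildcards, shadowed

if __name__ == "__main__":
    found_wildcards, found_shadowed = audit(POLICY)
    print("wildcard actions:", found_wildcards)
    print("explicit actions already covered by a wildcard:", found_shadowed)
```

On this page's policy the check reports `ecr:*` in the second statement, which makes the four explicit `ecr:` pull actions in the third statement redundant.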