The following are the workflow tasks for ECS / Fargate and their respective policies:
Common permissions:
ecs:Describe*
ecs:List*
- Scale/Shutdown: Select the capacity of a service within Fargate. If you select ‘zero’, the service is stopped and AWS no longer charges you for it.
ecs:UpdateService
- Change Fargate Provisioning Strategy: Choose the percentage of Fargate and Fargate SPOT within your cluster. Used in gradual migrations and changes to Fargate SPOT.
ecs:UpdateService
- Change Task Definition: Choose the name of the task definition. The most common use case is to switch to a larger or smaller Task Definition (more or less CPU/memory), as if it were an upgrade/downgrade. By reducing the size of containers outside business hours and on weekends, it is possible to achieve interesting cost reductions.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "iam:GetRole",
      "iam:PassRole"
    ],
    "Resource": "arn:aws:iam::___IDAWS___:role/ecsTaskExecutionRole"
  },{
    "Action": [
      "ecs:UpdateService"
    ],
    "Effect": "Allow"
  }]
}
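The following is an added example, not part of the original page or the vendor's tooling: a small Python check that reviews the Change Task Definition policy for least privilege before it is attached. It flags Allow statements with no `Resource`, wildcard resources on `ecs:Update*` or `iam:PassRole`, and `iam:PassRole` without an `iam:PassedToService` condition. The tightened policy, its `___REGION___`, `___CLUSTER___` and `___SERVICE___` placeholders, and the `lint` helper are assumptions made for illustration.

```python
import json

# Policy as listed above for Change Task Definition (___IDAWS___ is the page's placeholder).
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["iam:GetRole", "iam:PassRole"],
   "Resource": "arn:aws:iam::___IDAWS___:role/ecsTaskExecutionRole"},
  {"Action": ["ecs:UpdateService"], "Effect": "Allow"}]}
""")

# Tightened variant (assumption). PassRole gets its own statement because
# iam:PassedToService is only present on PassRole requests, not on GetRole.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["iam:GetRole"],
   "Resource": "arn:aws:iam::___IDAWS___:role/ecsTaskExecutionRole"},
  {"Effect": "Allow", "Action": ["iam:PassRole"],
   "Resource": "arn:aws:iam::___IDAWS___:role/ecsTaskExecutionRole",
   "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
  {"Effect": "Allow", "Action": ["ecs:UpdateService"],
   "Resource": "arn:aws:ecs:___REGION___:___IDAWS___:service/___CLUSTER___/___SERVICE___"}]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return (statement_index, finding) tuples for Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", stmt.get("NotResource", [])))
        if not resources:  # identity-based policies need Resource or NotResource
            findings.append((i, "missing-resource"))
        elif "*" in resources and any(a.startswith(("ecs:update", "iam:pass")) for a in actions):
            findings.append((i, "wildcard-resource"))
        if "iam:passrole" in actions:
            cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
            if "iam:passedtoservice" not in cond_keys:
                findings.append((i, "passrole-without-passedtoservice"))
    return findings

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint(pol))
```

A statement-level finding here is a review prompt, not a verdict: confirm the role ARN and service ARN against the account the workflow actually targets.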