Hello, I plan on running my flows using ECS and I’d like to have a separate IAM role for each task so it can have the minimum required access. I plan on using Terraform to provision the required AWS resources. I’d like to keep the task’s IAM related code coupled with the flow code so it can be used easily with our CI/CD pipeline. Does anyone have any ideas on how to best achieve this?
It would be great if you could define the permissions needed in the task definition so it could be added in the flow code using
ECSRun, but I don’t believe that is possible. It sounds like the only option is providing the arn of an existing role. Thanks!