Hi All I am trying to determine what AWS IAM policies are re

Question

Hi All I am trying to determine what AWS IAM policies are required for running flows as ECS tasks If my flow storage is in S3 where would I assign the appropriate role so that the ECSAgent can read them These are the places I can think of on the server running `prefect agent ecs start` with any of the aws cli ways setting `task role arn` on either agent start or `ECSRun` setting `execution role arn` on either agent start or `ECSRun` In the task container Any insight on the differences of these would also be appreciated

Jim Crist-Harif · Answer

You d set `task role arn` either on the agent default for all flow runs started by the agent or as part of `ECSRun`

Jim Crist-Harif · Answer

The difference between `task role arn` and `execution role arn` is a bit confusing Task roles are for assigning IAM policies to things the task can do once it starts e g pull from S3 Execution roles are for things AWS needs to start the container e g pull an image from ECR

Jan Marais · Answer

Thanks for the speedy reply

Jan Marais · Answer

Understood Thank you for taking the time to explain

Jan Marais · Answer

Success

Jim Crist-Harif · Answer

Glad to hear it