Amazon Elastic Container Service
Developer Guide (API Version 2014-11-13)

Creating Amazon ECS IAM Policies

You can create specific IAM policies to restrict the calls and resources that users in your account have access to, and then attach those policies to IAM users.

When you attach a policy to a user or group of users, it allows or denies the users permission to perform the specified tasks on the specified resources. For more information about IAM policies, see Permissions and Policies in the IAM User Guide. For more information about custom IAM policies, see Managing IAM Policies.

To create an IAM policy for a user

  1. Open the IAM console at

  2. In the navigation pane, choose Policies, Create policy.

  3. On the Visual editor tab, choose Choose a Service, Elastic Container Service.

  4. Choose Select actions and select the actions to add to the policy. For more information, see Amazon ECS IAM Policy Examples.

  5. (Optional) Choose Specify request conditions (optional) to add conditions to the policy that you are creating. Conditions limit a JSON policy statement's effect. For example, you can specify that a user is allowed to perform the actions on the resources only when that user's request happens within a certain time range. You can also use commonly used conditions to limit whether a user must be authenticated using a multi-factor authentication (MFA) device, or if the request must originate from within a certain range of IP addresses. For lists of all of the context keys that you can use in a policy condition, see AWS Service Actions and Condition Context Keys for Use in IAM Policies.

  6. Choose Review policy.

  7. In the Name field, type your own unique name, such as AmazonECSUserPolicy.

  8. Choose Create Policy to finish.

To attach an IAM policy to a user

  1. Open the IAM console at

  2. In the navigation pane, choose Users and then choose the user you would like to attach the policy to.

  3. Choose Permissions, Add permissions.

  4. In the Grant permissions section, choose Attach existing policies directly.

  5. Select the custom policy that you created in the previous procedure and choose Next: Review.

  6. Review your details and choose Add permissions.