Phased out AWS managed IAM policies for Amazon Elastic Container Service
The following AWS managed IAM policies are phased out. These policies are now replaced by the updated policies. We recommend that you update your users or roles to use the updated policies.
AmazonEC2ContainerServiceFullAccess
Important
The AmazonEC2ContainerServiceFullAccess
managed IAM policy was
phased out as of January 29, 2021, in response to a security finding with the
iam:passRole
permission. This permission grants access to all
resources including credentials to roles in the account. Now that the policy is
phased out, you can't attach the policy to any new users or roles. Any users or
roles that already have the policy attached can continue using it. However, we
recommend that you update your users or roles to use the
AmazonECS_FullAccess
managed policy instead. For more
information, see Migrating to
the AmazonECS_FullAccess managed policy.
AmazonEC2ContainerServiceRole
Important
The AmazonEC2ContainerServiceRole
managed IAM policy is phased
out. It's now replaced by the Amazon ECS service-linked role. For more information,
see Using service-linked roles for
Amazon ECS.
AmazonEC2ContainerServiceAutoscaleRole
Important
The AmazonEC2ContainerServiceAutoscaleRole
managed IAM policy
is phased out. It's now replaced by the Application Auto Scaling service-linked role for Amazon ECS.
For more information, see Service-linked roles for Application Auto Scaling in the
Application Auto Scaling User Guide.