Amazon ECS instance role - AWS Batch

Amazon ECS instance role

AWS Batch compute environments are populated with Amazon ECS container instances, and they run the Amazon ECS container agent locally. The Amazon ECS container agent makes calls to various AWS API operations on your behalf. Therefore, container instances that run the agent require an IAM policy and role for these services to recognize that the agent belongs to you. You must create an IAM role and an instance profile for those container instances to use when they are launched. Otherwise, you can't create a compute environment and launch container instances into it. This requirement applies to container instances launched with or without the Amazon ECS optimized AMI provided by Amazon. For more information, see Amazon ECS container instance IAM role in the Amazon Elastic Container Service Developer Guide.

The Amazon ECS instance role and instance profile are automatically created for you in the console first-run experience. However, you can use the following procedure to check whether your account already has the Amazon ECS instance role and instance profile, and to attach the managed IAM policy if needed.

To check for the ecsInstanceRole in the IAM console

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Roles.

  3. Search the list of roles for ecsInstanceRole. If the role doesn't exist, use the steps below to create the role.

    1. Choose Create Role.

    2. For Select type of trusted entity, choose AWS service. For Choose the service that will use this role, choose Elastic Container Service. For Select your use case, choose EC2 Role for Elastic Container Service.

    3. Choose Next: Permissions, Next: Tags, and Next: Review.

    4. For Role Name, type ecsInstanceRole and choose Create Role.
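The check above can also be run against IAM API output instead of the console. The following is an added example, not AWS's own code: it audits the `Role`, `AttachedPolicies` and `InstanceProfiles` objects returned by `aws iam get-role`, `aws iam list-attached-role-policies` and `aws iam list-instance-profiles-for-role`. It assumes the managed policy is `AmazonEC2ContainerServiceforEC2Role` (the page does not name it) and that the role should trust only `ec2.amazonaws.com`; function names and sample data are constructed for illustration.

```python
# Added example: offline audit of ecsInstanceRole from IAM API output (sample data is constructed).
ECS_POLICY_ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
EC2_PRINCIPAL = "ec2.amazonaws.com"  # assumption: the only principal that should assume the role


def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusted_principals(trust_policy):
    """Collect every principal allowed to call sts:AssumeRole on the role."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.add("*")
            continue
        for kind, values in principal.items():
            found.update(v if kind == "Service" else f"{kind}:{v}" for v in _as_list(values))
    return found


def audit_instance_role(role, attached_policies, instance_profiles):
    """Return findings for the role; an empty list means every check passed."""
    findings = []
    trusted = trusted_principals(role.get("AssumeRolePolicyDocument", {}))
    if EC2_PRINCIPAL not in trusted:
        findings.append("trust policy does not let ec2.amazonaws.com assume the role")
    extra = sorted(trusted - {EC2_PRINCIPAL})
    if extra:
        findings.append("unexpected trusted principals: " + ", ".join(extra))
    if ECS_POLICY_ARN not in {p.get("PolicyArn") for p in attached_policies}:
        findings.append("managed policy not attached: " + ECS_POLICY_ARN)
    name = role.get("RoleName")
    if not any(r.get("RoleName") == name for ip in instance_profiles for r in ip.get("Roles", [])):
        findings.append("no instance profile contains the role")
    return findings


# Constructed sample input, shaped like the IAM responses named in the lead-in.
GOOD_ROLE = {"RoleName": "ecsInstanceRole", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}
GOOD_POLICIES = [{"PolicyName": "AmazonEC2ContainerServiceforEC2Role", "PolicyArn": ECS_POLICY_ARN}]
GOOD_PROFILES = [{"InstanceProfileName": "ecsInstanceRole", "Roles": [{"RoleName": "ecsInstanceRole"}]}]
BAD_ROLE = {"RoleName": "ecsInstanceRole", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}}
```

An empty result for `audit_instance_role(GOOD_ROLE, GOOD_POLICIES, GOOD_PROFILES)` means the role, policy attachment and instance profile are all in place; `BAD_ROLE` with no policies or profiles produces one finding per failed check.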