AWS Batch
User Guide

Amazon ECS Instance Role

AWS Batch compute environments are populated with Amazon ECS container instances, and they run the Amazon ECS container agent locally. The Amazon ECS container agent makes calls to various AWS APIs on your behalf, so container instances that run the agent require an IAM policy and role for these services to know that the agent belongs to you. Before you can create a compute environment and launch container instances into it, you must create an IAM role and an instance profile for those container instances to use when they are launched. This requirement applies to container instances launched with or without the Amazon ECS-optimized AMI provided by Amazon.

The Amazon ECS instance role and instance profile are automatically created for you in the console first-run experience. However, you can use the following procedure to check and see if your account already has the Amazon ECS instance role and instance profile and to attach the managed IAM policy if needed.

To check for the ecsInstanceRole in the IAM console

  1. Open the IAM console at

  2. In the navigation pane, choose Roles.

  3. Search the list of roles for ecsInstanceRole. If the role does not exist, use the steps below to create the role.

    1. Choose Create New Role.

    2. For Select type of trusted entity, choose AWS service. For Choose the service that will use this role, choose Elastic Container Service.

    3. Choose Next: Review, Next: Permissions.

    4. For Role Name, type ecsInstanceRole and choose Create Role.