Phased out Amazon managed IAM policies for Amazon Elastic Container Service - Amazon Elastic Container Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Phased out Amazon managed IAM policies for Amazon Elastic Container Service

The following Amazon managed IAM policies are phased out. These policies are now replaced by the updated policies. We recommend that you update your IAM users or roles to use the updated policies.

AmazonEC2ContainerServiceFullAccess

Important

The AmazonEC2ContainerServiceFullAccess managed IAM policy was phased out as of January 29, 2021, in response to a security finding with the iam:passRole permission. This permission grants access to all resources including credentials to roles in the account. Now that the policy is phased out, you can't attach the policy to any new IAM users or roles. Any users or roles that already have the policy attached can continue using it. However, we recommend that you update your IAM users or roles to use the AmazonECS_FullAccess managed policy instead. For more information, see Migrating to the AmazonECS_FullAccess managed policy.

AmazonEC2ContainerServiceRole

Important

The AmazonEC2ContainerServiceRole managed IAM policy is phased out. It's now replaced by the Amazon ECS service-linked role. For more information, see Using service-linked roles for Amazon ECS.

AmazonEC2ContainerServiceAutoscaleRole

Important

The AmazonEC2ContainerServiceAutoscaleRole managed IAM policy is phased out. It's now replaced by the Application Auto Scaling service-linked role for Amazon ECS. For more information, see Service-linked roles for Application Auto Scaling in the Application Auto Scaling User Guide.