2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
1
Just create the client as you would anywhere, The SDK will figure out that it's "in" an ECS task and get the credentials from its metadata.
Depending on what you're doing, the metadata endpoint might be enough so you might not need this at all 😊 https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html
Good luck!
답변함 2년 전
1
you don't need to pass any credential to your spring application (even it is dangerous). Your application run on ECS so, your application can use the task execution role, the task role grants additional AWS permissions required by your application once the container is started. So you can on task Role attach the ECS permission.
Example using Terraform as IAC
resource "aws_iam_policy" "example-policy" {
name = "example"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"application-autoscaling:DescribeScalableTargets",
"ecs:ListServices",
"ecs:UpdateService",
"ecs:ListTasks",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:DescribeClusters",
"ecs:ListClusters",
]
Effect = "Allow"
Resource = "*"
}
]
})
}
답변함 2년 전
관련 콘텐츠
- AWS 공식업데이트됨 2년 전