1
votes

When creating an EC2-based ECS cluster in the AWS console, you can specify the container instance role:


However, after the cluster has been created, I don't see any way to view which role was attached to the cluster.

In addition, I don't see any way to specify the container instance role when creating a cluster using the CLI or in CloudFormation (or, by extension, the CDK).

My question is two-fold:

  1. Can this property be specified in the API/CloudFormation?
  2. Is there any way to view this property on an existing cluster, either in the console or using the API/CLI?

1 Answer

4
votes

The console leads you to believe it's an ECS property, but in fact it's simply an EC2 property known as "IAM Instance Profile". You have to specify this role by setting the IamInstanceProfile property on an AWS::EC2::Instance or, even better, on an AWS::EC2::LaunchTemplate resource that can be used inside an Auto Scaling group. Small caveat: you won't be able to directly add the role to that property just yet; you will need to create an AWS::IAM::InstanceProfile first, like so:

  EcsInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - ecsInstanceRole

For the sake of completeness, here's how you would then set the property inside a launch template:

  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        IamInstanceProfile:
          Arn: !GetAtt EcsInstanceProfile.Arn
      ...