From e14564019979e52080be83437dbe174ac226da86 Mon Sep 17 00:00:00 2001 From: allisaurus <34254888+allisaurus@users.noreply.github.com> Date: Thu, 27 May 2021 10:59:28 -0700 Subject: [PATCH] Add note about new ECS ARN format to ECS docs (#10304) * docs: Add note about ECS task ARN format to ECS docs --- website/content/docs/ecs/get-started/install.mdx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/website/content/docs/ecs/get-started/install.mdx b/website/content/docs/ecs/get-started/install.mdx index 5766314d21..d0e0cd87aa 100644 --- a/website/content/docs/ecs/get-started/install.mdx +++ b/website/content/docs/ecs/get-started/install.mdx @@ -141,7 +141,10 @@ The specific permissions needed are: 1. `ecs:ListTasks` on resource `*`. 1. `ecs:DescribeTasks` on all tasks in this account and region. You can either - use `*` for simplicity or scope it to the region and account, e.g. `arn:aws:ecs:us-east-1:1111111111111:task/*` + use `*` for simplicity or scope it to the region and account, e.g. `arn:aws:ecs:us-east-1:1111111111111:task/*`. If + your account is configured to use the new, [longer ECS task ARN format] + (https://docs.aws.amazon.com/AmazonECS/latest/userguide/ecs-account-settings.html#ecs-resource-ids) + then you can further scope `ecs:DescribeTasks` down to tasks in a specific cluster, e.g. `arn:aws:ecs:us-east-1:1111111111111:task/MY_CLUSTER_NAME/*`. The IAM role's ARN will be passed into the `mesh-task` module in the next step via the `task_role_arn` input.