{ "Version": "2012-10-17", "Statement": [ { "Sid": "ECSCreateCluster", "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:TagResource" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:RequestTag/owner": "${aws:PrincipalTag/owner}", "aws:RequestTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSDeletion", "Effect": "Allow", "Action": [ "ecs:DeleteCluster", "ecs:DeleteService", "ecs:DeleteTaskSet" ], "Resource": [ "arn:aws:ecs:*:*:cluster/*", "arn:aws:ecs:*:*:service/*", "arn:aws:ecs:*:*:task-set/*" ], "Condition": { "StringEquals": { "aws:ResourceTag/owner": "${aws:PrincipalTag/owner}", "aws:ResourceTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSUpdate", "Effect": "Allow", "Action": [ "ecs:UpdateContainerAgent", "ecs:UpdateContainerInstancesState", "ecs:UpdateService", "ecs:UpdateServicePrimaryTaskSet", "ecs:UpdateTaskSet", "ecs:StopTask" ], "Resource": [ "arn:aws:ecs:*:*:cluster/*", "arn:aws:ecs:*:*:service/*", "arn:aws:ecs:*:*:task-set/*", "arn:aws:ecs:*:*:container-instance/*", "arn:aws:ecs:*:*:task/*" ], "Condition": { "StringEquals": { "aws:ResourceTag/owner": "${aws:PrincipalTag/owner}", "aws:ResourceTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSDescribe", "Action": [ "ecs:Describe*", "ecs:List*", "ecs:CreateTaskSet", "ecs:PutAccountSettingDefault", "ecs:PutAccountSetting", "ecs:PutClusterCapacityProviders" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "ECSContainerInstance", "Effect": "Allow", "Action": [ "ecs:DeregisterContainerInstance", "ecs:ListContainerInstances", "ecs:RegisterContainerInstance", "ecs:SubmitContainerStateChange", "ecs:SubmitTaskStateChange" ], "Resource": "arn:aws:ecs:*:*:cluster/*", "Condition": { "StringEquals": { "ecs:ResourceTag/owner": "${aws:PrincipalTag/owner}", "ecs:ResourceTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSCreateService", "Effect": "Allow", "Action": [ "ecs:CreateService" ], "Resource": [ "arn:aws:ecs:*:*:service/*" ], "Condition": { "StringEquals": { "aws:RequestTag/owner": "${aws:PrincipalTag/owner}", "aws:RequestTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSTaskControl", "Effect": "Allow", "Action": [ "ecs:StartTask", "ecs:RunTask" ], "Resource": "arn:aws:ecs:*:*:task-definition/*", "Condition": { "StringEquals": { "aws:RequestTag/owner": "${aws:PrincipalTag/owner}", "aws:RequestTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSRegistration", "Effect": "Allow", "Action": [ "ecs:RegisterContainerInstance" ], "Resource": "arn:aws:ecs:*:*:cluster/*", "Condition": { "StringEquals": { "aws:RequestTag/owner": "${aws:PrincipalTag/owner}", "aws:RequestTag/environment": "${aws:PrincipalTag/environment}" } } }, { "Sid": "ECSTaskDefinition", "Effect": "Allow", "Action": [ "ecs:RegisterTaskDefinition", "ecs:ListTaskDefinitions", "ecs:DescribeTaskDefinition" ], "Resource": [ "*" ] } ] }