hands-on lab

IAM for Amazon ECS on AWS Fargate

Up to 45m


AWS Identity and Access Management (IAM) helps you securely control access to AWS resources, and Amazon ECS is no exception. IAM controls what can access ECS resources in your AWS accounts. IAM also controls which AWS resources ECS and tasks running in ECS can access. This will be the focus of this lab.

Two types of IAM roles are used by ECS:

  1. ECS task execution role: This role is used by the ECS agent to pull container images and send logs to CloudWatch.
  2. ECS task role: This role is used by the containers to access other AWS services they depend on at runtime.
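
The split between the two roles can be seen in a Terraform configuration for a Fargate task. This is an added example, not the lab's own code; the resource names, the S3 bucket, and the container image are assumptions chosen for illustration.

```hcl
# Added example; all resource names, the bucket and the image are assumptions.
# Both roles are assumed by the ECS tasks service principal.
data "aws_iam_policy_document" "ecs_tasks_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
# Task execution role: used by the ECS agent to pull the image and send logs.
resource "aws_iam_role" "app_execution" {
  name               = "app-execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_trust.json
}
resource "aws_iam_role_policy_attachment" "app_execution" {
  role       = aws_iam_role.app_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
# Task role: used by the application code inside the container at runtime.
resource "aws_iam_role" "app_task" {
  name               = "app-task"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_trust.json
}
resource "aws_iam_role_policy" "app_task_s3_read" {
  name = "read-app-bucket"
  role = aws_iam_role.app_task.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject"]
      Resource = "arn:aws:s3:::example-app-bucket/*" # hypothetical bucket
    }]
  })
}
# The task definition is where each role is bound to its purpose.
resource "aws_ecs_task_definition" "app" {
  family                   = "app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.app_execution.arn # image pull, logs
  task_role_arn            = aws_iam_role.app_task.arn      # runtime AWS calls
  container_definitions = jsonencode([{ name = "app", image = "public.ecr.aws/nginx/nginx:latest", essential = true }])
}
```

A missing permission on the execution role typically shows up as a task that fails to start, while a missing permission on the task role shows up as access-denied errors from the running application.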

In this lab, you will learn about the ECS IAM roles first-hand and diagnose and troubleshoot related issues.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Explain ECS task execution roles and task roles
  • Diagnose and debug IAM issues in ECS
  • Resolve IAM issues in ECS running

Intended audiences

  • DevOps Engineers
  • Security Specialists
  • Software Engineers


Familiarity with the following topics is required to get the most out of this lab:

  • AWS Identity and Access Management (IAM) fundamentals (roles and policies)
  • Amazon Elastic Container Service (ECS) on AWS Fargate fundamentals
  • Terraform fundamentals, with experience deploying on AWS


About the author

Logan Rakai
Lead Content Developer - Labs

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.


Lab steps

Logging In to the Amazon Web Services Console
Reviewing the Sample Application Deployed on Amazon ECS With AWS Fargate
Detecting the Task's IAM Issue
Resolving the Task's IAM Issue