Allow specifying custom Instance Policy/Role in `ecs up` about amazon-ecs-cli HOT 7 CLOSED

@samuelkarp Would you be open to a PR implementing this?

from amazon-ecs-cli.

@2opremio, sure!

from amazon-ecs-cli.

@samuelkarp I see two options here:

1. Allow changing the role to something other than AmazonEC2ContainerServiceforEC2Role
2. Allow overriding the full instance policy

We could do both (1) and (2) but, if we assume we only want one option, I would go for (2) since (1) has the extra dependency of creating a managed policy in advance (if a preexisting managed policy is not good enough).

Thoughts?

from amazon-ecs-cli.

A role can have multiple policies, so it is probably more flexible to allow additional policies. See the CloudFormation documentation for information on associating multiple policies with a role.

from amazon-ecs-cli.

@samuelkarp Sorry it took a while to answer. Even if we allow additional policies it would require the user to create those with a different tool (Console, AWS CLI etc ...) which can be inconvenient. In our usecase it would be more useful to allow defining the full role. Would this be OK?

I think I may find some time to do this in about a week (next week is going to be really busy for me)..

from amazon-ecs-cli.

Is there any chance of this issue getting addressed?

from amazon-ecs-cli.

We are planning on allowing a new flag, --role, which will allow customers to pass in the ARN of a custom IAM Role. At this time, the customer will still need to create this role outside of the ECS CLI (e.g. via Console, AWS CLI etc). We will also still attach the AmazonEC2ContainerServiceforEC2Role policy to this role, i.e. the customer will not be able to specify a custom IAM Policy.

from amazon-ecs-cli.