It is recommended, and considered standard security advice, to grant least privilege: that is, to grant only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, services or roles. Determine what the services and/or users need to do, and then craft policies that let them perform only those tasks, instead of granting full administrative privileges.
For each ECS service with an admin role, perform the following to detach the policy that grants full administrative privileges:
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, click Policies and then search for the policy name found in the audit step.
3. Select the policy that needs to be deleted.
4. In the policy action menu, first select Detach.
5. Select all Users, Groups and Roles that have this policy attached.
6. Click Detach Policy.
7. In the policy action menu, select Detach.
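The console procedure above can be scripted for accounts with many ECS task roles. The following is an added example written for this page; it is not part of the benchmark text and not AWS's own code. It does two things: the audit check (does a policy document allow every action on every resource, the usual definition of full administrative privileges) and the detach plan from steps 5 and 6 (which users, groups and roles the policy is attached to). The policy documents and the attachment list are constructed sample data in the shape returned by the IAM API; the `apply_detach` function takes a boto3 IAM client as a parameter so the module runs offline, and only performs real `detach_*_policy` calls when you pass a real client.

```python
"""Audit and detach helper for IAM policies that grant full administrative
privileges (added example; sample data below is constructed, not from a
real account)."""
import json


def _as_list(value):
    """IAM allows Action/Resource/Statement to be a string, a list, or a dict."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def statement_grants_full_admin(stmt):
    """True if a single statement is Allow on Action "*" and Resource "*"."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    return "*" in actions and "*" in resources


def is_full_admin_policy(document):
    """document: an IAM policy document as a dict or a JSON string.
    Returns True if any statement grants full administrative privileges."""
    if isinstance(document, str):
        document = json.loads(document)
    return any(statement_grants_full_admin(s)
               for s in _as_list(document.get("Statement")))


def plan_detach(entities):
    """entities: the response shape of iam.list_entities_for_policy, i.e. a
    dict with PolicyUsers / PolicyGroups / PolicyRoles lists. Returns the
    (kind, name) pairs to detach, mirroring steps 5 and 6 of the procedure."""
    plan = []
    plan += [("user", u["UserName"]) for u in entities.get("PolicyUsers", [])]
    plan += [("group", g["GroupName"]) for g in entities.get("PolicyGroups", [])]
    plan += [("role", r["RoleName"]) for r in entities.get("PolicyRoles", [])]
    return plan


def apply_detach(iam, policy_arn, plan):
    """Execute a detach plan with a boto3 IAM client. Only this function
    touches AWS; pass e.g. boto3.client("iam") to run it for real."""
    for kind, name in plan:
        if kind == "user":
            iam.detach_user_policy(UserName=name, PolicyArn=policy_arn)
        elif kind == "group":
            iam.detach_group_policy(GroupName=name, PolicyArn=policy_arn)
        elif kind == "role":
            iam.detach_role_policy(RoleName=name, PolicyArn=policy_arn)
    return len(plan)


# Constructed sample data: one admin policy, one properly scoped policy, and
# a constructed attachment list (hypothetical names, not from any account).
ADMIN_DOC = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED_DOC = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage"],
        "Resource": "*",
    }],
}
ATTACHED = {
    "PolicyUsers": [{"UserName": "deploy-bot"}],
    "PolicyGroups": [],
    "PolicyRoles": [{"RoleName": "ecsTaskRole-billing"}],
}

if __name__ == "__main__":
    for name, doc in (("ADMIN_DOC", ADMIN_DOC), ("SCOPED_DOC", SCOPED_DOC)):
        print(name, "full admin" if is_full_admin_policy(doc) else "scoped")
    for kind, name in plan_detach(ATTACHED):
        print("would detach from", kind, name)
```

The check deliberately matches only the `Action: "*"` plus `Resource: "*"` form; a service-wide wildcard such as `iam:*` is still over-broad but is not what this remediation targets, so it is left to the policy review in the audit step.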