compose/ecs/docs/requirements.md
Nicolas De Loof 5e1f40b752
Document required AWS permissions
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2020-08-17 21:26:17 +02:00

Requirements

This plugin relies on AWS API credentials, using the same configuration files as the AWS command line.

These credentials can be configured with the docker ecs setup command, either by selecting an existing AWS CLI profile from your config files or by creating a new profile from an AWS access key ID and secret access key.

Permissions

AWS accounts (or IAM roles) used with the ECS plugin require the following permissions:

  • ec2:DescribeSubnets
  • ec2:DescribeVpcs
  • iam:CreateServiceLinkedRole
  • iam:AttachRolePolicy
  • cloudformation:*
  • ecs:*
  • logs:*
  • servicediscovery:*
  • elasticloadbalancing:*
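
One way to check an IAM policy document against the list above before attaching it to the account or role used with the plugin. This is an added example, not part of the plugin or its documentation; the function names and the sample policy are assumptions. It reads only the Action entries of Allow statements and does not evaluate Deny, NotAction, Condition, Resource scoping or permission boundaries.

```python
import json
import re

# Required actions, copied from the list above.
REQUIRED = [
    "ec2:DescribeSubnets", "ec2:DescribeVpcs",
    "iam:CreateServiceLinkedRole", "iam:AttachRolePolicy",
    "cloudformation:*", "ecs:*", "logs:*",
    "servicediscovery:*", "elasticloadbalancing:*",
]

def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Collect Action patterns from the Allow statements of a policy."""
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            patterns.extend(_as_list(stmt.get("Action")))
    return patterns

def covers(granted, required):
    """True if the granted pattern allows everything the required one names."""
    granted, required = granted.lower(), required.lower()  # actions are case-insensitive
    if required.endswith(":*"):
        # A whole-service requirement is only met by the same wildcard or "*".
        return granted in ("*", required)
    # IAM wildcards: "*" matches any run of characters, "?" exactly one.
    regex = re.escape(granted).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, required) is not None

def missing_permissions(policy, required=REQUIRED):
    """Return the required actions that no Allow statement covers."""
    granted = allowed_patterns(policy)
    return [r for r in required if not any(covers(g, r) for g in granted)]

# Constructed sample policy (not from the plugin): a partial grant.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "cloudformation:*", "ecs:*", "logs:*",
    "elasticloadbalancing:Describe*"]},
  {"Effect": "Allow", "Resource": "*", "Action": "iam:CreateServiceLinkedRole"}]}""")

if __name__ == "__main__":
    for action in missing_permissions(SAMPLE_POLICY):
        print("missing:", action)
```
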

Okta support

If you rely on aws-okta to access a managed AWS account (as we do at Docker), you can populate your AWS config files with temporary access tokens using:

aws-okta write-to-credentials <profile> ~/.aws/credentials