diff --git a/ecs/pkg/amazon/cloudformation.go b/ecs/pkg/amazon/cloudformation.go
index 2eb6f1df..eec6b854 100644
--- a/ecs/pkg/amazon/cloudformation.go
+++ b/ecs/pkg/amazon/cloudformation.go
@@ -120,6 +120,7 @@ func (c client) Convert(project *compose.Project) (*cloudformation.Template, err
 			Policies:                 rolePolicies,
 			ManagedPolicyArns: []string{
 				ECSTaskExecutionPolicy,
+				ECRReadOnlyPolicy,
 			},
 		}
 		template.Resources[taskDefinition] = definition
diff --git a/ecs/pkg/amazon/iam.go b/ecs/pkg/amazon/iam.go
index 66357730..affcaaae 100644
--- a/ecs/pkg/amazon/iam.go
+++ b/ecs/pkg/amazon/iam.go
@@ -2,6 +2,7 @@ package amazon
 
 const (
 	ECSTaskExecutionPolicy = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+	ECRReadOnlyPolicy      = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 
 	ActionGetSecretValue = "secretsmanager:GetSecretValue"
 	ActionGetParameters  = "ssm:GetParameters"
diff --git a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
index 0910aaf3..0050bca0 100644
--- a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
+++ b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"
diff --git a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
index 7c413438..328d627a 100644
--- a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
+++ b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"