32 lines
919 B
Markdown
32 lines
919 B
Markdown
## Requirements
|
|
|
|
This plugin relies on AWS API credentials, using the same configuration files as
|
|
the AWS command line.
|
|
|
|
Such credentials can be configured by the `docker ecs setup` command, either by
|
|
selecting an existing AWS CLI profile from existing config files, or by creating
|
|
one passing an AWS access key ID and secret access key.
|
|
|
|
## Permissions
|
|
|
|
AWS accounts (or IAM roles) used with the ECS plugin require following permissions:
|
|
|
|
- ec2:DescribeSubnets
|
|
- ec2:DescribeVpcs
|
|
- iam:CreateServiceLinkedRole
|
|
- iam:AttachRolePolicy
|
|
- cloudformation:*
|
|
- ecs:*
|
|
- logs:*
|
|
- servicediscovery:*
|
|
- elasticloadbalancing:*
|
|
|
|
|
|
## Okta support
|
|
|
|
For those relying on [aws-okta](https://github.com/segmentio/aws-okta) to access a managed AWS account
|
|
(as we do at Docker), you can populate your aws config files with temporary access tokens using:
|
|
```shell script
|
|
aws-okta write-to-credentials <profile> ~/.aws/credentials
|
|
```
|