Amazon ECS now supports additional resource-level permissions and tag-based access controls
Amazon ECS customers now have additional options for controlling API access to ECS resources. With resource-level permissions (RLP) for services and task sets, you can now create IAM policies that allow or deny the ability to create, update, delete, or describe specific services and task sets.
With tag-based access control (TBAC) for services, you can now create IAM policies that allow or deny ECS API actions on services based on the tags applied to those services. These new features give you increased flexibility to manage access to your ECS resources.
RLP for service and task-sets and TBAC for services is available in all regions where ECS is available. To get started with RLP and TBAC on ECS, and to view a complete list of ECS API actions and resource types that can be used with RLP and TBAC, visit our documentation.