Why does ECS integration new-relic task require AmazonEC2ContainerServiceforEC2Role?
We are trying to use the AWS CloudFormation way of installing the ECS integration for our clusters with New Relic, as described in this link. I observed that this CloudFormation first creates a few IAM roles for the Task that will be executed as a daemon service, and one of the roles on the Task created is AmazonEC2ContainerServiceforEC2Role, which includes permissions to operate with Container Instances, including deregistering the Container Instance. I am interested to understand under what circumstances this daemon task will be required to deregister an instance or, for that matter, create a cluster or register an instance. The complete list of permissions given by IAM is as below. Can someone please elaborate on why we would need this in the first place? I tried putting this in the New Relic discussion forums but haven't had any luck yet.

```
"ec2:DescribeTags",
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:UpdateContainerInstancesState",
"ecs:Submit*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
```
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
