Policy: AmazonEC2ContainerServiceforEC2Role ARN: arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role Allowed Actions Actions Services ec2:DescribeTags ec2 ecr:BatchCheckLayerAvailability ecr ecr:BatchGetImage ecr ecr:GetAuthorizationToken ecr ecr:GetDownloadUrlForLayer ecr ecs:CreateCluster ecs ecs:DeregisterContainerInstance ecs ecs:DiscoverPollEndpoint ecs ecs:Poll ecs ecs:RegisterContainerInstance ecs ecs:StartTelemetrySession ecs ecs:Submit* ecs ecs:TagResource ecs ecs:UpdateContainerInstancesState ecs logs:CreateLogStream logs logs:PutLogEvents logs