ssm.amazon.com
and assign AmazonSSMManagedInstanceCore
and AmazonEC2ContainerServiceforEC2Role
policies to it.Here is the high level description of what each of these policies are responsible for:
Run the following command from the root directory to create role and associate IAM policies required for setting up the ECS-anywhere cluster
aws iam create-role --role-name $ROLE_NAME --assume-role-policy-document file://ssm-trust-policy.json
aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
# Verify
aws iam list-attached-role-policies --role-name $ROLE_NAME