Part 3: Serverless WordPress – IAM

Create an IAM (Identity and Access Management) role for the Fargate tasks – give permissions to access RDS, EFS and Systems Manager. This will later be set as the ECS Task Role. You also need to create a task execution role for the Fargate platform to access other AWS services – This will be used for access to SSM Parameter Store (used for storing key-value pairs and secrets)

IAM roles for AWS ECS

ECS Task Role

IAM > Roles > Create role
Elastic Container Service > Elastic Container Service Task >
Role Name: ecs-task-full-access
Allows ECS tasks to call RDS, EFS and SSM with full access.


  • AmazonRDSFullAccess
  • AmazonElasticFileSystemFullAccess
  • AmazonSSMReadOnlyAccess

ECS Task Execution Role

Create a new ECS Task Execution Role, used by the Fargate platform itself to connect with

Create Role > Elastic Container Service Task > Add policy: AmazonECSTaskExecutionRolePolicy
Name: ECSCustomTaskExecutionRole > Save

Add an inline policy to the ECS Task Execution Role

IAM > Roles > ECSCustomTaskExecutionRole > Add inline policy > JSON


Review Policy > Name: ParameterStoreReadAccess > Create

Leave a Reply