You can now specify an IAM role for each ECS task. The applications in the task’s containers can then use the AWS SDK or CLI to make API requests to authorized AWS services. This lets the EC2 instance keep a minimal role, in line with the ‘Least Privilege’ access policy, and lets you manage the instance role and the task role separately. You also gain visibility into which task is using which role, since this is tracked in the CloudTrail logs.
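One way to check that split in practice, as an added example that is not part of the original page: a small audit that flags instance-role permissions beyond what the ECS agent needs and task definitions that have no `taskRoleArn`. The policy, task definitions, account ID and role names are constructed samples, and the agent prefix allow-list is an assumption to adapt to your environment.

```python
# Prefixes the container instance role needs for the ECS agent itself.
# Assumption for this example: agent calls, image pulls and log shipping.
AGENT_PREFIXES = ("ecs:", "ecr:", "logs:")

def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def instance_role_excess(policy):
    """Return Allow actions on the instance role that are not agent actions."""
    excess = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # A bare "*" or any application-level service lands here.
            if not action.lower().startswith(AGENT_PREFIXES):
                excess.add(action)
    return sorted(excess)

def tasks_without_role(task_defs):
    """Return task definition families that have no task role of their own."""
    return [td["family"] for td in task_defs if not td.get("taskRoleArn")]

# Constructed sample: an instance role that still carries application access.
INSTANCE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ecs:Poll", "ecs:RegisterContainerInstance",
                    "ecr:GetAuthorizationToken", "logs:PutLogEvents"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "dynamodb:*"],
         "Resource": "*"},
    ],
}

# Constructed sample: one task with its own role, one without.
TASK_DEFS = [
    {"family": "web",
     "taskRoleArn": "arn:aws:iam::111122223333:role/web-task-role"},
    {"family": "worker"},
]

if __name__ == "__main__":
    print("Move to task roles:", instance_role_excess(INSTANCE_POLICY))
    print("Tasks lacking a task role:", tasks_without_role(TASK_DEFS))
```

Actions reported by `instance_role_excess` are candidates to move into a per-task role; the check does not evaluate `NotAction` or `Resource` scoping.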