updated README.md file with more permissions for one off task

shesaave · shesaave · commit f066fc2b92bb · 2024-08-08T10:44:40.000-04:00
diff --git a/README.md b/README.md
@@ -116,9 +116,9 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I
 * [Monitor the activity](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#keep-a-log) of the credentials used in GitHub Actions workflows.
 
 ## Permissions
-
-This action requires the following minimum set of permissions:
-
+ 
+Running a service requires the following minimum set of permissions:
+ 
 ```json
 {
    "Version":"2012-10-17",
@@ -156,7 +156,38 @@ This action requires the following minimum set of permissions:
    ]
 }
 ```
-
+ 
+Running a one-off/stand-alone task requires the following minimum set of permissions:
+ 
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "RegisterTaskDefinition and runTask",
+            "Effect": "Allow",
+            "Action": [
+                "ecs:RunTask",
+                "ecs:RegisterTaskDefinition",
+                "ecs:DescribeTasks"
+            ],
+            "Resource": "*"
+        },
+        {
+         "Sid":"PassRolesInTaskDefinition",
+         "Effect":"Allow",
+         "Action":[
+            "iam:PassRole"
+         ],
+         "Resource":[
+            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_role_name>",
+            "arn:aws:iam::<aws_account_id>:role/<task_definition_task_execution_role_name>"
+         ]
+         }
+    ]
+}
+ 
+```
 Note: the policy above assumes the account has opted in to the ECS long ARN format.
 
 ## AWS CodeDeploy Support
