fix(ecs): restore -EnableTaskIAMRole parameter for Windows ECS container hosts #37345

Open
syukawa-gh wants to merge 2 commits into aws:main from syukawa-gh:fix/ecs-windows-enable-task-iam-role
@syukawa-gh
Contributor

The -EnableTaskIAMRole parameter was accidentally removed from the Initialize-ECSAgent PowerShell command in #36362. This parameter is required for Windows container hosts to use task IAM roles.

Closes #36805

@github-actions github-actions bot added bug This issue is a bug. effort/small Small work item – less than a day of effort labels Mar 24, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team March 24, 2026 06:28
@github-actions github-actions bot added p1 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Mar 24, 2026
@github-actions
Contributor

github-actions bot commented Mar 24, 2026

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.


Tests | Passed ✅ | Skipped | Failed
Security Guardian Results: 24 ran, 24 passed
Test | Result
No test annotations available

@github-actions
Contributor

github-actions bot commented Mar 24, 2026

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.


Tests | Passed ✅ | Skipped | Failed
Security Guardian Results with resolved templates: 24 ran, 24 passed
Test | Result
No test annotations available

Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ An exemption request has been requested. Please wait for a maintainer's review.

@aws-cdk-automation aws-cdk-automation added the pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes. label Mar 26, 2026
@syukawa-gh syukawa-gh force-pushed the fix/ecs-windows-enable-task-iam-role branch from 9521464 to 1716b5e Compare March 27, 2026 08:16
@syukawa-gh
Contributor Author

Exemption Request

This change adds -EnableTaskIAMRole to the Initialize-ECSAgent PowerShell command for Windows ECS container hosts. The existing integration test integ.cluster-windows-server-ami already covers this code path, and its snapshot has been updated to reflect the change. No new integration test file is needed because the behavioral change is fully captured by the snapshot update.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Mar 27, 2026
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Mar 27, 2026
The -EnableTaskIAMRole parameter was removed from the Initialize-ECSAgent
command for Windows container hosts. This parameter is required per AWS
documentation for IAM roles for tasks on Windows.

Closes aws#36805
@syukawa-gh syukawa-gh force-pushed the fix/ecs-windows-enable-task-iam-role branch from 1716b5e to b91b0f9 Compare April 1, 2026 10:23
@syukawa-gh
Contributor Author

Correction to my previous comment: After reviewing the diff more carefully, this PR needs unit tests to be added. I will update this PR with the required tests. The Exemption Request above should be disregarded for the unit test requirement.
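
A regression check for the omission this PR fixes, as an added example that is not part of the PR or the aws-cdk code base: it scans Windows user data for Initialize-ECSAgent statements that lack -EnableTaskIAMRole. The function names and the sample user data (including the cluster name demo-cluster) are assumptions constructed for illustration.

```typescript
// Added example, not aws-cdk code. Assumption: the rendered user data is
// available as one PowerShell string (for instance read from a snapshot).
interface AgentCall {
  statement: string;       // the whole Initialize-ECSAgent statement
  hasTaskIamRole: boolean; // true when -EnableTaskIAMRole is switched on
}

// Join backtick line continuations, drop full-line comments, then split into
// statements on newlines and semicolons. Limitation: a semicolon inside a
// quoted string would also split the statement.
function powershellStatements(script: string): string[] {
  const lines = script
    .replace(/`\r?\n/g, ' ')
    .split(/\r?\n/)
    .filter((line: string) => !/^\s*#/.test(line));
  return lines
    .join('\n')
    .split(/[;\n]/)
    .map((s: string) => s.trim())
    .filter((s: string) => s.length > 0);
}

function findAgentCalls(userData: string): AgentCall[] {
  return powershellStatements(userData)
    .filter((s: string) => /^Initialize-ECSAgent(\s|$)/i.test(s))
    .map((statement: string) => ({
      statement,
      // Parameter names are case-insensitive. A switch may be written bare or
      // as -EnableTaskIAMRole:$true; the :$false form turns it off.
      hasTaskIamRole: /\s-EnableTaskIAMRole(?=\s|$|:\$true\b)/i.test(statement),
    }));
}

// Statements that would start the agent without task IAM role support.
function missingTaskIamRole(userData: string): string[] {
  return findAgentCalls(userData)
    .filter((c: AgentCall) => !c.hasTaskIamRole)
    .map((c: AgentCall) => c.statement);
}

// Constructed samples: the state the linked issue reports, and the restored one.
const BROKEN_SAMPLE = ['<powershell>', 'Import-Module ECSTools',
  "Initialize-ECSAgent -Cluster 'demo-cluster'", '</powershell>'].join('\n');
const FIXED_SAMPLE = ['<powershell>',
  "Import-Module ECSTools; Initialize-ECSAgent -Cluster 'demo-cluster' `",
  '  -EnableTaskIAMRole', '</powershell>'].join('\n');

console.log('broken:', missingTaskIamRole(BROKEN_SAMPLE));
console.log('fixed:', missingTaskIamRole(FIXED_SAMPLE));
```
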

Successfully merging this pull request may close these issues.

aws-ec2: Removal of -EnableTaskIAMRole parameter has broken ECS container host registration on Windows