Hey Everyone, I was doing some cleanup on the meta...
# dev-metaflow
d
Hey Everyone, I was doing some cleanup on the metaflow cloudformation template, I came across this Role called
ECSRole
defined here https://github.com/Netflix/metaflow-tools/blob/24d0ef0228c3a7bcf9e75e0aa791e76bd091c2e3/aws/cloudformation/metaflow-cfn-template.yml#L222. I don’t see this being used anywhere. Is my understanding correct? And if yes, can we get rid of this?
1
s
@purple-engineer-56290 can you share context about it?
p
This is anecdotal, but ECSRole seems to be a holdover from an old best-practice in ECS Cloudformation templates to create the "service linked role" required for ECS, as (apparently) there were some situations where it either wouldn't get created, or certain types of environments needed extended permissions for the ECS service.
Most (if not all) of those permissions have been roled into the automatic 'AWSServiceRoleForECS' service-linked role, which now gets linked automagically the same way most service roles do nowadays.
It's probably safe to remove it, but when we originally pulled over the ECS-endorsed templates to build for Metaflow, it just seemed harmless to leave it alone since the service principal is ecs.amazonaws.com and it already has all those permissions via the service-linked role anyway.
👍 1
d
Thanks @purple-engineer-56290 for the detailed background. That makes sense. In that case I’ll remove that. I have tested it out by creating a new Metaflow env without that role and everything seems to be running fine. I’ll do some cleanups and raise a PR