## permissions needed for ECS agent on Fargate to pull image and exec container resource :IamRoleExec, 'AWS::IAM::Role' do

path '/'
assume_role_policy_document(
  Version: '2012-10-17',
  Statement: [
    {
      Effect: :Allow,
      Principal: {
        Service: 'ecs-tasks.amazonaws.com'
      },
      Action: 'sts:AssumeRole'
    }
  ]
)
managed_policy_arns [
  'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
]

end