Currently I'm trying to convert a Lambda-based service with AWS API Gateway + Lambda to a dockerized version running in Fargate, and now I'm struggling with how to handle AWS permissions. For the Lambda I just assigned a role and used the AWS V3 SDK to access i.e. S3. Is this now going to work exactly the same? Do I have to take care of token expiration (session token, secret access key and access key ID) or is this all handled by the SDK?
```javascript
import { S3Client } from "@aws-sdk/client-s3";

const client = new S3Client({
  region: process.env.BUCKET_REGION,
});
```
All you have to do is assign a role with similar permissions (or even the same role) as the ECS Task Role. The code in your question will work exactly the same once you do that. You don't have to worry about token expiration.
Note that the required ECS Task Execution role is the role used by the ECS service to deploy your application. That role gives it permission to access things like ECR. The optional ECS Task Role is what is provided to your code running in the ECS task. People often get those two confused.
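The role mix-up described above can be checked before deployment. The following is an added example, not code from the original question or answer: a small audit of a task definition's JSON that flags a missing Task Role, a Task Role shared with the Task Execution Role, and static credential variables in the container environment. The function name `auditTaskDefinition`, the ARNs, and the sample task definitions are constructed for illustration.

```javascript
// Added example (not from the original post). Field names follow the ECS
// task definition JSON; the ARNs and containers below are constructed samples.
const STATIC_CRED_VARS = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"];

// Returns a list of findings about how the task's code will get AWS credentials.
function auditTaskDefinition(taskDef) {
  const findings = [];
  const { taskRoleArn, executionRoleArn, containerDefinitions = [] } = taskDef;

  // The task role is what the SDK inside the container receives.
  if (!taskRoleArn) {
    findings.push("no taskRoleArn: application code has no task role to use");
  } else if (taskRoleArn === executionRoleArn) {
    // Assumption of this example: sharing one role is reported as a least-privilege finding.
    findings.push("taskRoleArn equals executionRoleArn: app code also gets deployment permissions");
  }

  // Static keys in the environment come first in the SDK's default
  // credential chain and are not refreshed, unlike task role credentials.
  for (const container of containerDefinitions) {
    const vars = [...(container.environment ?? []), ...(container.secrets ?? [])];
    for (const { name } of vars) {
      if (STATIC_CRED_VARS.includes(name)) {
        findings.push(`container "${container.name}" sets ${name}: static credentials can shadow the task role`);
      }
    }
  }
  return findings;
}

// Constructed sample: execution role only, plus a hard-coded access key variable.
const misconfigured = {
  family: "api",
  executionRoleArn: "arn:aws:iam::123456789012:role/example-task-execution",
  containerDefinitions: [
    { name: "app", environment: [{ name: "BUCKET_REGION", value: "eu-west-1" },
                                 { name: "AWS_ACCESS_KEY_ID", value: "EXAMPLE" }] },
  ],
};

// Constructed sample: separate task role, no static credentials.
const correct = {
  ...misconfigured,
  taskRoleArn: "arn:aws:iam::123456789012:role/example-app-s3-access",
  containerDefinitions: [{ name: "app", environment: [{ name: "BUCKET_REGION", value: "eu-west-1" }] }],
};

console.log(auditTaskDefinition(misconfigured), auditTaskDefinition(correct));
```

The input shape matches the `taskDefinition` object in the output of `aws ecs describe-task-definition`, so the same function can run over exported definitions in CI.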