I have Jenkins running in Account A, which I use to deploy an image to ECR in Account A. The image is pushed with the latest tag, and the same image is used by an ECS service in Account B. I just need to force update the ECS service to pull the latest image.
aws ecs list-services --cluster "ECS_CLUSTER_NAME" --region "ECS_CLUSTER_REGION" --output text | awk '{print $2}' | while read -r line ; do aws ecs update-service --service "$line" --force-new-deployment --cluster "ECS_CLUSTER_NAME" --region "ECS_CLUSTER_REGION" ; done
Can I use the above CLI command to do the same? What permissions do I need for the Jenkins role? I'm relatively new to AWS and am having a tough time getting my head around assume-role in AWS, so I would prefer to give the least permissions possible with basic configurations.
You would need to configure cross-account access by establishing a trust relationship for Account A in an IAM role present in Account B.
You can refer to this guide: https://repost.aws/knowledge-center/cross-account-access-iam
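
A least-privilege version of the cross-account setup described in this answer, as an added example that is not part of the original question or answer. The account IDs, the role names `jenkins-role` and `ecs-redeploy`, and the function names are placeholders assumed for illustration, and the `ecs:UpdateService` resource assumes service ARNs in the long format that includes the cluster name.

```shell
#!/bin/sh
# Constructed placeholders, not values from the original post.
ACCOUNT_A=111111111111            # Jenkins / ECR account
ACCOUNT_B=222222222222            # ECS account
JENKINS_ROLE=jenkins-role         # hypothetical role Jenkins runs as in Account A
DEPLOY_ROLE=ecs-redeploy          # hypothetical role created in Account B

# Trust policy for DEPLOY_ROLE in Account B: only the Jenkins role may assume it.
trust_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"AWS":"arn:aws:iam::${ACCOUNT_A}:role/${JENKINS_ROLE}"},
 "Action":"sts:AssumeRole"}]}
EOF
}

# Permissions policy for DEPLOY_ROLE: list and update services in one cluster only.
# $1 = region, $2 = cluster name
permissions_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":"ecs:ListServices","Resource":"*",
  "Condition":{"ArnEquals":{"ecs:cluster":"arn:aws:ecs:$1:${ACCOUNT_B}:cluster/$2"}}},
 {"Effect":"Allow","Action":"ecs:UpdateService",
  "Resource":"arn:aws:ecs:$1:${ACCOUNT_B}:service/$2/*"}]}
EOF
}

# Policy attached to the Jenkins role in Account A: it may assume DEPLOY_ROLE only.
jenkins_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole",
 "Resource":"arn:aws:iam::${ACCOUNT_B}:role/${DEPLOY_ROLE}"}]}
EOF
}

# Run from Jenkins. The subshell body keeps the temporary credentials out of the
# caller's environment. $1 = region, $2 = cluster name
force_redeploy() (
  set -e
  creds=$(aws sts assume-role --role-arn "arn:aws:iam::${ACCOUNT_B}:role/${DEPLOY_ROLE}" \
    --role-session-name jenkins-redeploy --output text \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]')
  set -- "$1" "$2" $creds
  export AWS_ACCESS_KEY_ID="$3" AWS_SECRET_ACCESS_KEY="$4" AWS_SESSION_TOKEN="$5"
  for svc in $(aws ecs list-services --cluster "$2" --region "$1" \
      --query 'serviceArns[]' --output text); do
    aws ecs update-service --cluster "$2" --region "$1" --service "$svc" \
      --force-new-deployment >/dev/null
  done
)
```

The three policy functions only print JSON, so their output can be reviewed before anything is created; `force_redeploy ECS_CLUSTER_REGION ECS_CLUSTER_NAME` is the only function that calls AWS.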