What is the difference between ecs.amazonaws.com and ecs-tasks.amazonaws.com?

Question

https://gist.github.com/meoooh/896b66e0fc5c9bfd5716fc1864a7c68b

If I have two iam role.

But I don't know difference

Answer 1

One IAM role is used by ECS service scheduler to make calls to the Amazon EC2 and Elastic Load Balancing APIs on your behalf to register and deregister container instances with your load balancers. This is the role that has the principal ecs.amazonaws.com.

The second IAM role is used by the containers that are created in your tasks. This is the role that has the principal: ecs-tasks.amazonaws.com.

AWS documentation:

• Details about IAM role used by ECS scheduler can be found here.
• Details about IAM role used by containers in your tasks can be found here. Further explanation for this can be found here.