Hey folks,
I recently presented ECScape at Black Hat USA and fwd:cloudsec.
Research into how ECS (EC2 launch type) handles IAM roles, and how those boundaries can be broken.

I wrote a two-part blog series that dives deep:

• Part 1: Under the Hood of Amazon ECS on EC2 - Agents, IAM Roles, and Task Isolation
• Part 2: ECScape - Understanding IAM Privilege Boundaries in Amazon ECS

Would love to hear feedback, questions, or thoughts from the community - especially around how people think about IAM isolation in containerized environments.