




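# Creates a customer-managed IAM policy, attaches it to EcsTaskExecutionRole,
# turns on ECS Exec for gateway-svc in ws-cluster, and stores the ARN of one
# running gateway-td task in TASKDEF_ARN.
#
# NOTE(review): the second statement allows "ecr:*" on every resource. It makes
# the four ECR pull actions in the third statement redundant, and it lets
# anything running with this role push or delete images and edit repository
# policies. If the role is used only as the task execution role, the pull
# actions plus the logs actions should be enough. Confirm nothing depends on
# the wildcard, then remove it.
# NOTE(review): AWS documents the ssmmessages:* actions for ECS Exec on the
# task role. Confirm EcsTaskExecutionRole is also the task role of gateway-td;
# otherwise these four actions are attached to the wrong role.
#
# The heredoc delimiter is quoted so the JSON is written literally, with no
# shell expansion.
cat << 'EOF' > ecs_task_execution_role_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:*",
"cloudtrail:LookupEvents"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
EOF

aws iam create-policy \
  --policy-name EcsTaskExecutionRolePolicy \
  --policy-document file://ecs_task_execution_role_policy.json

# Build the policy ARN from the caller's own account instead of a hard-coded
# account ID, so the attach targets the policy created above whichever account
# the credentials belong to.
account_id=$(aws sts get-caller-identity --query Account --output text)
if [ -n "$account_id" ] && [ "$account_id" != "None" ]; then
  aws iam attach-role-policy \
    --role-name EcsTaskExecutionRole \
    --policy-arn "arn:aws:iam::${account_id}:policy/EcsTaskExecutionRolePolicy"
else
  printf 'could not resolve the AWS account ID; policy was not attached\n' >&2
fi

# ECS Exec gives interactive command access inside the service's containers.
# Limit who holds ecs:ExecuteCommand and keep session logging on.
# NOTE(review): the flag applies to tasks started after this call; tasks that
# were already running keep their old setting until they are replaced.
# NOTE(review): no --region here, while list-tasks below pins ap-northeast-2.
# Confirm the default region matches.
aws ecs update-service \
  --cluster ws-cluster \
  --service gateway-svc \
  --enable-execute-command

# Despite its name, TASKDEF_ARN holds a task ARN (taskArns[0]), not a task
# definition ARN. The name is unchanged in case later commands use it.
TASKDEF_ARN=$(aws ecs list-tasks \
  --cluster ws-cluster \
  --desired-status RUNNING \
  --family gateway-td \
  --region ap-northeast-2 \
  --query "taskArns[0]" \
  --output text)

# With --output text an empty result prints as the literal string "None".
if [ -z "$TASKDEF_ARN" ] || [ "$TASKDEF_ARN" = "None" ]; then
  printf 'no RUNNING task found for family gateway-td in ws-cluster\n' >&2
fi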