What is a task role: for containers
==> It is for the containers only. For example, an application running in the containers needs to communicate with SES/SNS or any other AWS service. No AWS service can access another AWS service without permission. Here I have to create a role, called the task role, to allow my application to access other AWS services. Where do I define this role?
Task execution role: for the task
==> When you register a task definition, you can provide a task execution role that allows the containers in the task to pull container images and publish container logs to CloudWatch on your behalf. It is just for ECR and CloudWatch Logs.
==> Let me make things clear here. There is task memory and container memory too. They are different.
Remember, a task can have one or more containers on the same container instance, i.e. EC2.
All these containers will have their own memory. The sum of all the container memory must be less than the task memory.
Also, for the memory specified for a container, say X MB: if the container attempts to exceed it, the container will be killed.
The Docker daemon reserves a minimum of 4 MiB of memory for a container.
Kind of a soft limit for container memory.
container memory < task memory
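
A check for the two roles and the memory rule above, as an added example that is not part of the original notes: a small Python linter over a task definition dict. The role ARNs, account ID, image names and the `lint_task_definition` helper are constructed for illustration; `taskRoleArn`, `executionRoleArn`, `memory` and `containerDefinitions` are the ECS task definition parameters where these values are set.

```python
MIN_CONTAINER_MIB = 4  # Docker minimum per container, as stated in the notes

def lint_task_definition(td):
    """Return a list of findings for an ECS task definition dict."""
    findings = []
    task_role = td.get("taskRoleArn")        # role used by the application
    exec_role = td.get("executionRoleArn")   # role for ECR pull / CloudWatch logs
    if not task_role:
        findings.append("taskRoleArn missing: containers have no role for AWS services")
    if not exec_role:
        findings.append("executionRoleArn missing: no role for ECR pull / CloudWatch logs")
    if task_role and task_role == exec_role:
        findings.append("taskRoleArn equals executionRoleArn: "
                        "application and image-pull/logging permissions are merged")

    total = 0
    for c in td.get("containerDefinitions", []):
        hard = c.get("memory")  # hard limit in MiB; container is killed above it
        if hard is None:
            continue
        if hard < MIN_CONTAINER_MIB:
            findings.append(f"{c['name']}: memory {hard} MiB is below "
                            f"the {MIN_CONTAINER_MIB} MiB minimum")
        total += hard
    task_mem = td.get("memory")  # task-level memory, a string of MiB in the JSON
    if task_mem is not None and total > int(task_mem):
        findings.append(f"container memory total {total} MiB "
                        f"exceeds task memory {task_mem} MiB")
    return findings

# Constructed sample: separate roles, containers fit inside the task memory.
GOOD = {
    "family": "mailer",
    "taskRoleArn": "arn:aws:iam::111122223333:role/mailer-task-role",
    "executionRoleArn": "arn:aws:iam::111122223333:role/mailer-execution-role",
    "memory": "1024",
    "containerDefinitions": [
        {"name": "app", "image": "example/app:1", "memory": 768},
        {"name": "sidecar", "image": "example/sidecar:1", "memory": 128},
    ],
}
# Constructed sample: one role reused for both purposes, task memory too small.
BAD = dict(GOOD, taskRoleArn=GOOD["executionRoleArn"], memory="512")

if __name__ == "__main__":
    for name, td in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_task_definition(td))
```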