More narrowly scope IAM policies
Previously, we granted dagit and daemon AmazonECS_FullAccess. This
enabled them to do everything they needed - and then some.
This more narrowly scopes the policies attached to each.
dagit only needs to be able to describe tasks to check if a run can be
terminated and to terminate it.
daemon needs to be able to describe a number of different things about a
task so that it can register new task definitions and trigger task runs.
Both include passrole permissions borrowed from AmazonECS_FullAccess.
Test Plan: Deploy and launch a pipeline
Reviewers: dgibson, max, johann
Reviewed By: dgibson, johann
Differential Revision: https://dagster.phacility.com/D8995