I'm trying to create a service on AWS ECS, using CloudFormation. The user trying to create service has a role granting it the ecs:CreateService
permission on the cluster that will host the service. However, the service fails to create with this error message:
User: (user ARN) is not authorized to perform: ecs:CreateService on resource: *
Why is this permission necessary, when I've specified the cluster I'm creating the service on?