When you use CloudFormation, Terraform, or AWS CDK to deploy Amazon ECS containers on Fargate or EC2, ECS task roles allow the containers in your task to assume an IAM role to call AWS APIs without having to store AWS credentials inside the containers.

The ECS task role is essential when the application in your ECS container running on Fargate or EC2 needs to access other AWS services, such as an S3 bucket.

The ECS task execution role grants the Amazon ECS container and Fargate agents permission to make AWS API calls on your behalf.

You need both roles to start containers in your ECS tasks: one provides permission to pull the Amazon ECR container image, and the other provides the ability to access other AWS services from within the container.
