How to Configure Different ECS Task IAM Roles for Production and Branch Deployments

To use different ECS task IAM roles for production and branch deployments in Dagster Cloud, you can do one of the following:

1. Templating in different values in the dagster_cloud.yaml file in just branch deployments. You'll just have to do the templating yourselves, e.g. you could add a jinja step in your github workflow that does it.

2. You could have a totally separate dagster_cloud.yaml file just for branch deployments. The path is an input variable here so you could change the path that is used depending on whether its happening in a PR or not: https://github.com/dagster-io/dagster-cloud-hybrid-quickstart/blob/main/.github/workflows/dagster-cloud-deploy.yml#L58

3. You could have two separate agents with different task IAM roles. You would only need a dagster_cloud.yaml if you want this configuration to vary for different code locations.