---
- input:
    Resources: {}
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: SKIP
      check_ecs_task_role_refs_are_local: SKIP
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: SKIP
      check_ecs_execution_role_refs_are_shared: SKIP
- input:
    Resources:
      ecsTask:
        Type: 'AWS::ECS::TaskDefinition'
        Properties:
          TaskRoleArn: 'aws:arn'
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: FAIL
      check_ecs_task_role_refs_are_local: SKIP
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: SKIP
      check_ecs_execution_role_refs_are_shared: SKIP
- input:
    Resources:
      ecsTask:
        Type: 'AWS::ECS::TaskDefinition'
        Properties:
          TaskRoleArn: 'aws:arn'
          ExecutionRoleArn: 'aws:arn2'
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: PASS
      check_ecs_task_role_refs_are_local: SKIP
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: FAIL
      check_ecs_execution_role_refs_are_shared: FAIL
- input:
    Resources:
      ecsTask:
        Type: 'AWS::ECS::TaskDefinition'
        Metadata:
          SharedExectionRole: allowed
        Properties:
          TaskRoleArn: 'aws:arn'
          ExecutionRoleArn: 'aws:arn2'
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: PASS
      check_ecs_task_role_refs_are_local: SKIP
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: PASS
      check_ecs_execution_role_refs_are_shared: PASS
- input:
    Resources:
      ecsTask:
        Type: 'AWS::ECS::TaskDefinition'
        Metadata:
          SharedExectionRole: allowed
        Properties:
          TaskRoleArn: 
            'Fn::GetAtt': [iam, Arn]
          ExecutionRoleArn: 'aws:arn2'
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: PASS
      check_ecs_task_role_refs_are_local: FAIL
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: SKIP
      check_ecs_execution_role_refs_are_shared: PASS
- input:
    Resources:
      ecsTask:
        Type: 'AWS::ECS::TaskDefinition'
        Metadata:
          SharedExectionRole: allowed
        Properties:
          TaskRoleArn: 
            'Fn::GetAtt': [iamRole, Arn]
          ExecutionRoleArn: 'aws:arn2'
      iamRole:
        Type: 'AWS::IAM::Role'
        Properties:
          PermissionsBoundary: 'aws:arn3'
  expectations:
    rules:
      all_ecs_tasks_must_have_task_end_execution_roles: PASS
      check_ecs_task_role_refs_are_local: PASS
      check_ecs_execution_role_refs_are_local: SKIP
      check_ecs_task_role_refs_are_shared: SKIP
      check_ecs_execution_role_refs_are_shared: PASS