diff --git a/.changelog/4296.txt b/.changelog/4296.txt
new file mode 100644
index 00000000000..376cf6140b8
--- /dev/null
+++ b/.changelog/4296.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+plugin/ecs: `runner install` now creates aws policies to facilitate remotely running StopTask and WatchTask jobs
+```
diff --git a/internal/runnerinstall/ecs.go b/internal/runnerinstall/ecs.go
index f9bb9863ae9..b3e1131e86a 100644
--- a/internal/runnerinstall/ecs.go
+++ b/internal/runnerinstall/ecs.go
@@ -79,6 +79,7 @@ const odrRolePolicy = `{
         "ecs:RegisterTaskDefinition",
         "ecs:DeregisterTaskDefinition",
         "ecs:RunTask",
+        "ecs:StopTask",
         "elasticloadbalancing:CreateListener",
         "elasticloadbalancing:CreateLoadBalancer",
         "elasticloadbalancing:CreateRule",
@@ -100,6 +101,7 @@ const odrRolePolicy = `{
         "logs:CreateLogGroup",
         "logs:DescribeLogGroups",
         "logs:DescribeLogStreams",
+        "logs:GetLogEvents",
         "route53:ChangeResourceRecordSets",
         "route53:ListResourceRecordSets"
       ],