AWS IAM roles and policies for running tasks in ECS
# IAM role that the ECS tasks service principal (ecs-tasks.amazonaws.com) may assume.
# The trust policy below grants sts:AssumeRole to that service principal and to no one else.
#
# NOTE(review): the trust statement carries no Condition block. To guard against
# cross-service confused-deputy use, consider conditioning on the global keys
# aws:SourceAccount and aws:SourceArn; doing so needs this account's ID, which is
# not defined anywhere in this file.
# NOTE(review): the name suggests a task *execution* role; whether it is also wired in
# as the task role is not visible here. Confirm, because the attached policy should be
# sized for exactly one of those two purposes.
resource "aws_iam_role" "ecs_task_execution" {
name = "noiselesstech_task_execution_role"
# Trust (assume-role) policy. The empty "Sid" is optional and has no effect on evaluation.
assume_role_policy = <<DOC
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
DOC
}
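# Inline permissions policy attached to the ECS task execution role.
#
# The effective permissions are the same as a single statement allowing all
# seventeen actions on "*". The actions are split into one statement per
# purpose, each with its own Sid, so that every group can be audited and given
# its own Resource scope independently.
#
# NOTE(review): every statement still uses "Resource": "*". That is unavoidable only for
# ecr:GetAuthorizationToken, which does not support resource-level permissions. For the
# rest, the wildcard is broader than least privilege calls for:
#   - SecretsAndParameters: the role can read every Secrets Manager secret and every
#     SSM parameter in the account, and call kms:Decrypt on any key whose key policy
#     defers to IAM. Scope to the specific ARNs the task definitions reference, e.g.
#     arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:<SECRET_NAME_PREFIX>*  (placeholder)
#     arn:aws:ssm:<REGION>:<ACCOUNT_ID>:parameter/<PARAMETER_PATH>/*             (placeholder)
#     arn:aws:kms:<REGION>:<ACCOUNT_ID>:key/<KEY_ID>                             (placeholder)
#   - ssm:GetParameterHistory also exposes previous parameter values; keep it only if
#     something actually reads history.
#   - EcrImagePull: scope to the repositories the tasks pull from.
#   - CloudWatchLogs: scope to the task log groups; logs:CreateLogGroup is presumably
#     only needed if the log group is created at task start — confirm.
#   - EcsReadOnly: describe/list calls are not something image pull, logging or secret
#     injection need; presumably the application uses them — confirm, and if so
#     consider moving them to a separate task role.
# The ARNs above are illustrative placeholders; the page does not provide real values.
resource "aws_iam_role_policy" "ecs_exec" {
  name = "noiselesstech_task_execution_policy"
  role = aws_iam_role.ecs_task_execution.id

  # The heredoc body starts at column 0 so the policy document has no leading whitespace.
  policy = <<DOC
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrAuthToken",
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EcrImagePull",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EcsReadOnly",
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeTaskDefinition",
        "ecs:ListServices",
        "ecs:DescribeServices"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CloudWatchLogs",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SecretsAndParameters",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "kms:Decrypt",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:GetParameterHistory",
        "ssm:GetParametersByPath"
      ],
      "Resource": "*"
    }
  ]
}
DOC
}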