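# IAM role assumed by the HFF Entry Forms API ECS tasks.
#
# The inline policies below combine image-pull permissions (ECR) with read
# access to the application secret.
# NOTE(review): whether this role is wired in as the task definition's
# execution role, its task role, or both is not visible here. Confirm; code
# running inside the container under a task role does not normally need ECR
# pull rights, so splitting the two roles would narrow what a compromised
# container can do.
# NOTE(review): newer AWS provider releases deprecate `inline_policy` in favour
# of separate `aws_iam_role_policy` resources. Check the provider version
# pinned for this module before upgrading.
resource "aws_iam_role" "ecs_task" {
  name = "${local.environment_name}-EcsTaskRole"

  # Trust policy: only the ECS tasks service principal may assume this role.
  # NOTE(review): there is no aws:SourceAccount / aws:SourceArn condition, so
  # the trust is not limited to tasks from this account. AWS recommends adding
  # one as confused-deputy protection.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
      }
    ]
  })

  # Read access to the single application secret, scoped by ARN.
  inline_policy {
    name = "AllowSecretsAccessForHffEntryFormsApiTasks"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect = "Allow"
          # kms:Decrypt is intentionally not listed. IAM evaluates it against
          # KMS key ARNs, so it has no effect in a statement whose Resource is
          # a secret ARN. If the secret is encrypted with a customer-managed
          # key, grant kms:Decrypt in a separate statement scoped to that
          # key's ARN.
          Action = [
            "secretsmanager:GetSecretValue"
          ]
          Resource = [
            aws_secretsmanager_secret.hff_entry_forms_api.arn
          ]
        }
      ]
    })
  }

  # Image pull from ECR.
  inline_policy {
    name = "AllowAccessToEcrForHffEntryFormsApiTasks"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect = "Allow"
          # ecr:GetAuthorizationToken does not support resource-level
          # permissions, so "*" is required for this one action.
          Action = [
            "ecr:GetAuthorizationToken"
          ]
          Resource = ["*"]
        },
        {
          Effect = "Allow"
          # Read/pull-only actions, limited to the repository in var.ecr_repo.
          Action = [
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
            "ecr:DescribeImages",
            "ecr:GetDownloadUrlForLayer"
          ]
          Resource = [
            var.ecr_repo.arn
          ]
        }
      ]
    })
  }

  tags = {
    Name        = "HffEntryForms-EcsTaskRole"
    Environment = local.environment_name
  }
}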