69 lines
1.5 KiB
HCL
69 lines
1.5 KiB
HCL
resource "aws_iam_role" "ecs_task" {
|
|
name = "${var.app_name}-EcsTaskRole"
|
|
|
|
assume_role_policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Action = "sts:AssumeRole"
|
|
Effect = "Allow"
|
|
Sid = ""
|
|
Principal = {
|
|
Service = "ecs-tasks.amazonaws.com"
|
|
}
|
|
}
|
|
]
|
|
})
|
|
|
|
inline_policy {
|
|
name = "AllowSecretsAccessFor${var.app_name}Tasks"
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"secretsmanager:GetSecretValue",
|
|
"kms:Decrypt"
|
|
]
|
|
Resource = [
|
|
aws_secretsmanager_secret.toclerbe.arn
|
|
]
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
inline_policy {
|
|
name = "AllowAccessToEcrFor${var.app_name}Tasks"
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"ecr:GetAuthorizationToken"
|
|
]
|
|
Resource = [ "*" ]
|
|
},
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"ecr:BatchGetImage",
|
|
"ecr:BatchCheckLayerAvailability",
|
|
"ecr:DescribeImages",
|
|
"ecr:GetDownloadUrlForLayer"
|
|
]
|
|
Resource = [
|
|
aws_ecr_repository.toclerbe.arn
|
|
]
|
|
}
|
|
]
|
|
})
|
|
}
|
|
|
|
tags = {
|
|
Name = "${var.app_name}-EcsTaskRole"
|
|
}
|
|
}
|