add iam for ecs task exec
tylerthome committed Oct 13, 2024
1 parent 1d343fa commit ea6fa1a
Showing 1 changed file with 24 additions and 24 deletions.
48 changes: 24 additions & 24 deletions terraform-incubator/home-unite-us/dev/ecs.tf
@@ -1,29 +1,29 @@

# resource "aws_iam_policy" "ecs_shell_dev" {
# name = "HomeUniteUsECSExecDev"
# description = "Execute shell commands on dev HUU containers"
# policy = jsonencode({
# "Version": "2012-10-17",
# "Statement": [
# {
# "Effect": "Allow",
# "Action": [
# "ssmmessages:CreateControlChannel",
# "ssmmessages:CreateDataChannel",
# "ssmmessages:OpenControlChannel",
# "ssmmessages:OpenDataChannel"
# ],
# "Resource": "*"
# }
# ]
# })
# }
resource "aws_iam_policy" "ecs_shell_dev" {
name = "HomeUniteUsECSExecDev"
description = "Execute shell commands on dev HUU containers"
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
}
]
})
}

# # via aws ecs execute-command --cluster incubator-prod --container homeuniteus --task 48f95a3b35de4198a637827d6b020c37 --command /bin/bash --interactive
# resource "aws_iam_user_policy_attachment" "ecs_shell_dev" {
# user = data.aws_iam_user.appadmin.user_name
# policy_arn = aws_iam_policy.ecs_shell_dev.arn
# }
# via aws ecs execute-command --cluster incubator-prod --container homeuniteus --task 48f95a3b35de4198a637827d6b020c37 --command /bin/bash --interactive
resource "aws_iam_role_policy_attachment" "ecs_shell_dev" {
role = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role"
policy_arn = aws_iam_policy.ecs_shell_dev.arn
}

# aws_ecs_task_definition.task:
resource "aws_ecs_task_definition" "homeuniteus" {
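Review bot: In the new `aws_iam_role_policy_attachment.ecs_shell_dev`, `role` is set to a full ARN, but that argument takes the role name, so the attachment is likely to be rejected at apply; `role = "incubator-prod-ecs-task-role"` (or a reference to the role's resource or data source, which also drops the hard-coded account ID) would be the fix. The policy is named and described as dev-only (`HomeUniteUsECSExecDev`, "dev HUU containers"), yet it is attached to what appears to be the shared prod task role, so every task running under that role gains the `ssmmessages` channel permissions that ECS Exec relies on; a dev-specific task role, or a name and description that match the real scope, would keep the blast radius visible. `"Resource": "*"` is expected for these actions, so the effective gate is who holds `ecs:ExecuteCommand` and whether exec is enabled on the service; it would be worth scoping that permission to specific cluster and task ARNs and enabling exec session logging, none of which is visible in this hunk.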
