From ea6fa1a4dcaac0f2718df2ffb1dcf973c06f35c0 Mon Sep 17 00:00:00 2001
From: tylerthome
Date: Sun, 13 Oct 2024 13:39:54 -0700
Subject: [PATCH] add iam for ecs task exec
---
 terraform-incubator/home-unite-us/dev/ecs.tf | 48 ++++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/terraform-incubator/home-unite-us/dev/ecs.tf b/terraform-incubator/home-unite-us/dev/ecs.tf
index d2fc283..6c441d3 100644
--- a/terraform-incubator/home-unite-us/dev/ecs.tf
+++ b/terraform-incubator/home-unite-us/dev/ecs.tf
@@ -1,29 +1,29 @@
-# resource "aws_iam_policy" "ecs_shell_dev" {
-# name = "HomeUniteUsECSExecDev"
-# description = "Execute shell commands on dev HUU containers"
-# policy = jsonencode({
-# "Version": "2012-10-17",
-# "Statement": [
-# {
-# "Effect": "Allow",
-# "Action": [
-# "ssmmessages:CreateControlChannel",
-# "ssmmessages:CreateDataChannel",
-# "ssmmessages:OpenControlChannel",
-# "ssmmessages:OpenDataChannel"
-# ],
-# "Resource": "*"
-# }
-# ]
-# })
-# }
+resource "aws_iam_policy" "ecs_shell_dev" {
+ name = "HomeUniteUsECSExecDev"
+ description = "Execute shell commands on dev HUU containers"
+ policy = jsonencode({
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ }
+ ]
+})
+}
-# # via aws ecs execute-command --cluster incubator-prod --container homeuniteus --task 48f95a3b35de4198a637827d6b020c37 --command /bin/bash --interactive
-# resource "aws_iam_user_policy_attachment" "ecs_shell_dev" {
-# user = data.aws_iam_user.appadmin.user_name
-# policy_arn = aws_iam_policy.ecs_shell_dev.arn
-# }
+# via aws ecs execute-command --cluster incubator-prod --container homeuniteus --task 48f95a3b35de4198a637827d6b020c37 --command /bin/bash --interactive
+resource "aws_iam_role_policy_attachment" "ecs_shell_dev" {
+ role = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role"
+ policy_arn = aws_iam_policy.ecs_shell_dev.arn
+}
 # aws_ecs_task_definition.task:
 resource "aws_ecs_task_definition" "homeuniteus" {
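Review bot: The `role` argument of `aws_iam_role_policy_attachment` takes the role's name, not its ARN, so the new `role = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role"` line will be rejected when applied; pass the name, `role = "incubator-prod-ecs-task-role"`, or preferably the `.name` attribute of whichever Terraform resource or `data "aws_iam_role"` block manages that role, which also removes the hard-coded account id from this file. The policy keeps the name `HomeUniteUsECSExecDev` and a description scoped to dev containers, yet it is now attached to a role named for `incubator-prod` and the usage comment targets `--cluster incubator-prod`; that reads as either naming drift or a dev-labelled exec grant landing on the production task role, and should be confirmed before merge. If the file is meant to be environment-specific, consider renaming the policy or moving the attachment so that the name, description and target agree. Note also that these `ssmmessages:*` actions cover only what the agent inside the container needs for the exec session; the principal running `aws ecs execute-command` additionally needs `ecs:ExecuteCommand` on the task, which neither this attachment nor the removed user attachment appears to grant, so that permission is presumably managed elsewhere.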