forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-06-20 05:41:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

XIN-240: Add IAM roles for ecs task execution

Browse source
This commit is contained in:
Jianrong 2022-10-02 22:22:02 +11:00
parent e22a873d00
commit f7f4986142
1 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
cicd/devnet/terraform/main.tf
View file

@ -119,4 +119,34 @@ resource "aws_security_group" "devnet_efs_security_group" {
tags = {
Name = "TfDevnetEfs"
}
}
# IAM policies
data "aws_iam_policy_document" "xdc_ecs_tasks_execution_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ecs-tasks.amazonaws.com"]
}
}
}
# Create the role
resource "aws_iam_role" "devnet_xdc_ecs_tasks_execution_role" {
name = "devnet-xdc-ecs-task-execution-role"
assume_role_policy = "${data.aws_iam_policy_document.xdc_ecs_tasks_execution_role.json}"
}
# Attached the AWS managed policies to the new role
resource "aws_iam_role_policy_attachment" "devnet_xdc_ecs_tasks_execution_role" {
for_each = toset([
"arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess",
"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
"arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils"
])
role = aws_iam_role.devnet_xdc_ecs_tasks_execution_role.name
policy_arn = each.value
}