This repository has been archived by the owner on Apr 5, 2023. It is now read-only.

Commit

IAM Fixes (#2)
Fixes IAM permissions related to var.task_role_arn
Steven Sklar authored Aug 27, 2021
1 parent 0996805 commit 018f09a
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions main.tf
Expand Up @@ -224,9 +224,9 @@ data "aws_iam_policy_document" "cloudwatch" {
statement {
effect = "Allow"
actions = ["iam:PassRole"]
resources = [
resources = concat([
aws_iam_role.task_execution_role.arn
]
], var.task_role_arn != null ? [var.task_role_arn] : [])
}
}
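Review bot: The `iam:PassRole` statement in `data "aws_iam_policy_document" "cloudwatch"` now also covers the caller-supplied `var.task_role_arn`, but the statement as shown has only `effect`, `actions` and `resources`, with no `condition`. Consider adding a `condition` block on `iam:PassedToService` with the value `ecs-tasks.amazonaws.com`, so that neither the execution role nor whatever role a module user passes in can be handed to any other service by the principal holding this policy. The `concat([...], var.task_role_arn != null ? [var.task_role_arn] : [])` form itself handles the null default correctly.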

2 changes: 1 addition & 1 deletion variables.tf
Expand Up @@ -46,5 +46,5 @@ variable "extra_container_defs" {

variable "task_role_arn" {
default = null
description = "IAM role ARN for your task if it needs to access any AWS resources"
description = "IAM role ARN for your task if it needs to access any AWS resources. IMPORTANT: This must have an AssumeRolePolicy that includes the 'ecs-tasks.amazonaws.com' provider!!"
}
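Review bot: The trust-policy requirement on `task_role_arn` is stated only in the new `description` text, and the variable block as shown has no `type` and no `validation`, so a malformed value or a role that ECS cannot assume is only caught when the task fails to start. Suggest adding `type = string` and a `validation` block that checks the value is null or looks like an IAM role ARN. In the description, 'ecs-tasks.amazonaws.com' is a service principal in the role's trust policy rather than a "provider", and the wording would be clearer without the trailing "!!".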
