Subject: infra(roles): update CloudFormation write role permissions
Body: Adjust IAM permissions in roles/cloudformation-write-role.yaml to ensure CloudFormation has the required write access for stack operations.
parent
ebd5d751e2
commit
c6eaeb96fb
1 changed files with 25 additions and 1 deletions
|
|
@ -107,7 +107,7 @@ Resources:
|
|||
- elasticloadbalancing:ModifyTargetGroup
|
||||
Resource:
|
||||
- !Sub "arn:aws:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:targetgroup/*"
|
||||
- PolicyName: EcsPolicies
|
||||
- PolicyName: EcsTaskPolicies
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
|
|
@ -118,6 +118,30 @@ Resources:
|
|||
- ecs:TagResource
|
||||
Resource:
|
||||
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:task-definition/*"
|
||||
- PolicyName: EcsServicePolicies
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- ecs:CreateService
|
||||
- ecs:UpdateService
|
||||
- ecs:DeleteService
|
||||
- ecs:TagResource
|
||||
Resource:
|
||||
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/*"
|
||||
- PolicyName: EcsClusterPolicies
|
||||
PolicyDocument:
|
||||
Version: "2012-10-17"
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- ecs:CreateCluster
|
||||
- ecs:UpdateCluster
|
||||
- ecs:DeleteCluster
|
||||
- ecs:TagResource
|
||||
Resource:
|
||||
- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:cluster/*"
|
||||
ManagedPolicyArns:
|
||||
- arn:aws:iam::aws:policy/ReadOnlyAccess
|
||||
- !Sub arn:aws:iam::${AWS::AccountId}:policy/CloudFormationWrite
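Review bot: The two added policies, EcsServicePolicies and EcsClusterPolicies, allow `ecs:UpdateService`, `ecs:DeleteService`, `ecs:DeleteCluster` and `ecs:TagResource` on `service/*` and `cluster/*`, which covers every ECS service and cluster in the account and region rather than only those this role's stacks own. If the stacks follow a naming convention, narrow the ARNs, for example `- !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/<STACK_PREFIX>-*/*"` (placeholder prefix), or add a `Condition` on `aws:ResourceTag/<OWNER_TAG_KEY>` to the update and delete actions. The unconditioned `ecs:TagResource` would let the role retag existing resources and so undermine any tag-based scoping; the `ecs:CreateAction` condition key can limit tagging to creation time. It is also worth confirming against the IAM service authorization reference that `ecs:CreateCluster` honours a cluster ARN in `Resource`, and adding a comment on why one role needs create, update and delete on both resource types. The role definition starts above the first hunk, so its trust policy and any `iam:PassRole` grant are not visible here.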
|
||||
|
|
|
|||