- Add CloudFormation resource scanning permissions (DescribeResourceScan, ListResourceScans, StartResourceScan)
- Add CloudFormation template generation permissions (CreateGeneratedTemplate, UpdateGeneratedTemplate)
- Add S3 bucket encryption and public access block configuration permissions
- Expand ELB target group management (create, delete, tag, remove tags)
- Add ELB listener and rule management permissions (create, delete, modify)
- Update commit message generator skill documentation with format guidelines
24 lines
792 B
YAML
AWSTemplateFormatVersion: '2010-09-09'
Description: IAM Role allowing ECS service to assume the role (trust policy).
Resources:
  ECSForInfrastructureManagementRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowAccessToECSForInfrastructureManagement
            Effect: Allow
            Principal:
              Service: ecs.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonECSInfrastructureRolePolicyForLoadBalancers


Outputs:
  ECSForInfrastructureManagementRoleArn:
    Description: ARN of the ECS role
    Value: !GetAtt ECSForInfrastructureManagementRole.Arn
    Export:
      Name: ECSForInfrastructureManagementRoleArn