add ssm policy

Author: helderklemp

iam-ecs-task.tf

@@ -22,3 +22,25 @@ resource "aws_iam_role_policy_attachment" "ecs_task" {
   role       = "${aws_iam_role.ecs_task.name}"
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
+
+resource "aws_iam_role_policy" "ssm_policy" {
+  name = "ecs-ssm-policy"
+  role = "${aws_iam_role.ecs_task.name}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ssm:GetParameters"
+      ],
+      "Resource": [
+        "arn:aws:ssm:*:*:parameter/*"
+      ]
+    }
+  ]
+}
+EOF
+}