Skip to content

Commit

Permalink
Add ecr:BatchGetImage IAM
Browse files Browse the repository at this point in the history
  • Loading branch information
@dmattia
dmattia authored Jan 24, 2025
1 parent 1da4b30 commit e4a38d6
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions execution_role.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,30 @@ resource "aws_iam_role" "execution_role" {
tags = var.tags
}

resource "aws_iam_role_policy" "ecs_instance_role_policy" {
name = "${var.name}-ecs-instance-role-policy"
role = aws_iam_role.execution_role.id

policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
]
Resource = "*"
}
]
})
}

locals {
policy_arns = concat(
var.additional_task_policy_arns,
Expand Down

0 comments on commit e4a38d6

Please sign in to comment.