IAM: ECR

IAM roles & policies relating to ECS task and execution roles.

Each role is optional: the module creates it only when the corresponding boolean input (`create_ecs_execution_role` or `create_ecs_task_role`) is set to `true`.

Example

```hcl
## ECS Execution and Task roles
module "ecs_roles" {
    source                    = "github.com/Jareechang/tf-modules//iam/ecs?ref=v1.0.7"
    create_ecs_execution_role = true
    create_ecs_task_role      = true

    # Extend baseline policy statements
    # (input name as listed in the Inputs table below)
    ecs_execution_iam_statements = {
        # Read-only access to this project's SSM parameters
        ssm = {
            actions = [
                "ssm:GetParameter",
                "ssm:GetParameters",
                "ssm:GetParametersByPath"
            ]
            effect = "Allow"
            resources = [
                "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/web/${var.project_id}/*"
            ]
        }
        # Decrypt with a single named KMS key only
        kms = {
            actions = [
                "kms:Decrypt"
            ]
            effect = "Allow"
            resources = [
                aws_kms_key.default.arn
            ]
        }
    }
}
```
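The two roles serve different principals: ECS itself uses the execution role when launching the task, while the container's own code receives the task role. The following added example (not from the module's repository) passes scoped statements to each role through the documented inputs and wires both outputs into a task definition; the bucket, image, family and `db_password` parameter are placeholders, and `var.*`, `data.aws_caller_identity.current` and `aws_kms_key.default` are assumed to be declared as in the example above.

```hcl
# Added example, not the module author's code. Bucket, image, family and
# parameter name are placeholders; input names follow the Inputs table.
locals {
  ssm_prefix = "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/web/${var.project_id}"
}

module "ecs_roles" {
  source                    = "github.com/Jareechang/tf-modules//iam/ecs?ref=v1.0.7"
  create_ecs_execution_role = true
  create_ecs_task_role      = true

  # Execution role: lets ECS resolve the container's `secrets` at launch.
  ecs_execution_iam_statements = {
    ssm = {
      actions   = ["ssm:GetParameters"]
      effect    = "Allow"
      resources = ["${local.ssm_prefix}/*"]
    }
    kms = {
      actions   = ["kms:Decrypt"]
      effect    = "Allow"
      resources = [aws_kms_key.default.arn]
    }
  }

  # Task role: what the application's own AWS SDK calls may do at runtime.
  ecs_task_iam_statements = {
    uploads_read = {
      actions   = ["s3:GetObject"]
      effect    = "Allow"
      resources = ["arn:aws:s3:::example-uploads-bucket/web/*"] # placeholder
    }
  }
}

resource "aws_ecs_task_definition" "web" {
  family                   = "web" # placeholder
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = module.ecs_roles.ecs_execution_role_arn
  task_role_arn            = module.ecs_roles.ecs_task_role_arn

  container_definitions = jsonencode([{
    name    = "web"
    image   = "example/web:latest" # placeholder
    secrets = [{ name = "DB_PASSWORD", valueFrom = "${local.ssm_prefix}/db_password" }]
  }])
}
```

Keeping secret retrieval on the execution role means the running application never holds `ssm:*` or `kms:Decrypt` permissions itself; it only sees the resolved value as an environment variable.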

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| create_ecs_execution_role | Create an ECS execution role | `bool` | n/a | yes |
| create_ecs_task_role | Create an ECS task role | `bool` | n/a | yes |
| ecs_execution_iam_statements | IAM permission statement(s) to be added to the ECS Execution role | `map(object({ actions = list(string), effect = string, resources = list(string) }))` | `null` | no |
| ecs_task_iam_statements | IAM permission statement(s) to be added to the ECS Task role | `map(object({ actions = list(string), effect = string, resources = list(string) }))` | `null` | no |

Outputs

| Name | Description |
|------|-------------|
| ecs_execution_role_arn | n/a |
| ecs_task_role_arn | n/a |