allow passrole on task role too (#1992)

Tian-2017 · web-flow · commit 48cab1356529 · 2024-11-21T15:12:20.000Z
* allow passrole on task role too

* match with dataplatform-stg-ecs-parking

* remove the environment variable since the identifier_prefix includes
diff --git a/terraform/modules/department/50-aws-iam-policies.tf b/terraform/modules/department/50-aws-iam-policies.tf
@@ -911,7 +911,9 @@ data "aws_iam_policy_document" "airflow_base_policy" {
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-execution-role",
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/dap-ecs-task-role",
       "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/parking-ecs-execution-role",
-      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/housing-ecs-execution-role"
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.identifier_prefix}-ecs-parking",
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/housing-ecs-execution-role",
+      "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.identifier_prefix}-ecs-housing",
     ]
     condition {
       test     = "StringEquals"
