add existing glue access and athena access to ecs task role (#2008)

Tian-2017 · web-flow · commit 70d2568d6080 · 2024-12-03T17:46:43.000Z
diff --git a/terraform/modules/department/50-aws-iam-policies.tf b/terraform/modules/department/50-aws-iam-policies.tf
@@ -475,7 +475,8 @@ data "aws_iam_policy_document" "read_glue_scripts_and_mwaa_and_athena" {
       "athena:GetQueryResults",
       "athena:ListDatabases",
       "athena:ListTableMetadata",
-      "athena:GetTableMetadata"
+      "athena:GetTableMetadata",
+      "athena:GetWorkGroup",
     ]
     resources = ["*"]
   }
diff --git a/terraform/modules/department/50-aws-iam-roles.tf b/terraform/modules/department/50-aws-iam-roles.tf
@@ -152,3 +152,8 @@ resource "aws_iam_role_policy_attachment" "department_ecs_policy" {
   role       = aws_iam_role.department_ecs_role.name
   policy_arn = aws_iam_policy.department_ecs_policy.arn
 }
+
+resource "aws_iam_role_policy_attachment" "glue_access_attachment_to_ecs_role" {
+  role       = aws_iam_role.department_ecs_role.name
+  policy_arn = aws_iam_policy.glue_access.arn
+}

Original file line number	Diff line number	Diff line change
`@@ -475,7 +475,8 @@ data "aws_iam_policy_document" "read_glue_scripts_and_mwaa_and_athena" {`
`475`	`475`	`"athena:GetQueryResults",`
`476`	`476`	`"athena:ListDatabases",`
`477`	`477`	`"athena:ListTableMetadata",`
`478`		`- "athena:GetTableMetadata"`
	`478`	`+ "athena:GetTableMetadata",`
	`479`	`+ "athena:GetWorkGroup",`
`479`	`480`	`]`
`480`	`481`	`resources = ["*"]`
`481`	`482`	`}`
Original file line number	Diff line number	Diff line change
`@@ -152,3 +152,8 @@ resource "aws_iam_role_policy_attachment" "department_ecs_policy" {`
`152`	`152`	`role = aws_iam_role.department_ecs_role.name`
`153`	`153`	`policy_arn = aws_iam_policy.department_ecs_policy.arn`
`154`	`154`	`}`
	`155`	`+`
	`156`	`+resource "aws_iam_role_policy_attachment" "glue_access_attachment_to_ecs_role" {`
	`157`	`+ role = aws_iam_role.department_ecs_role.name`
	`158`	`+ policy_arn = aws_iam_policy.glue_access.arn`
	`159`	`+}`