
Commit d1a52a2

add assume role policy
1 parent e5c7096 commit d1a52a2


2 files changed

+12
-1
lines changed

2 files changed

+12
-1
lines changed

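--- a/terraform/modules/department/50-aws-iam-policies.tf
+++ b/terraform/modules/department/50-aws-iam-policies.tf
@@ -960,3 +960,14 @@ resource "aws_iam_policy_document" "department_ecs_policy" {
 policy = data.aws_iam_policy_document.department_ecs.json
 tags = var.tags
 }
+
+data "aws_iam_policy_document" "ecs_assume_role_policy" {
+statement {
+effect = "allow"
+principals {
+identifiers = ["ecs-tasks.amazonaws.com"]
+type = "Service"
+}
+actions = "sts:AssumeRole"
+}
+}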
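Review bot: The new `ecs_assume_role_policy` document is unlikely to pass `terraform plan` as written, because `actions` takes a set of strings and the `aws_iam_policy_document` data source accepts only `Allow` or `Deny` for `effect`. The two lines should read `effect = "Allow"` and `actions = ["sts:AssumeRole"]`. Separately, the trust statement has no `condition` block, so the role can be assumed through the `ecs-tasks.amazonaws.com` service principal without any restriction on the calling account. AWS's confused-deputy guidance for task roles is to add an `aws:SourceAccount` condition (and `aws:SourceArn` where practical) so that only this account's tasks can obtain the role.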

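--- a/terraform/modules/department/50-aws-iam-roles.tf
+++ b/terraform/modules/department/50-aws-iam-roles.tf
@@ -143,7 +143,7 @@ resource "aws_secretsmanager_secret_version" "airflow_user_secret_version" {
 # Department ECS
 resource "aws_iam_role" "department_ecs_role" {
 name = lower("${var.identifier_prefix}-glue-${local.department_identifier}")
-assume_role_policy = data.aws_iam_policy_document.department
+assume_role_policy = data.aws_iam_policy_document.ecs_assume_role_policy.json
 tags = var.tags
 }
 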
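Review bot: The role that now trusts `ecs-tasks.amazonaws.com` still carries a `-glue-` infix on the unchanged `name` line, so AssumeRole events and IAM listings will show an ECS task role under a Glue-looking name. If the module also defines a Glue role built from the same prefix and department identifier (not visible in this hunk), the two names would collide at apply time. Consider `name = lower("${var.identifier_prefix}-ecs-${local.department_identifier}")`, bearing in mind that a rename forces replacement of the role and of anything attached to it.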
