From f066fc2b92bbc527617a5ff835bcf45c22dcc689 Mon Sep 17 00:00:00 2001
From: Sherlyn Saavedra
Date: Thu, 8 Aug 2024 10:44:40 -0400
Subject: [PATCH 1/4] updated README.md file with more permissions for one off task
---
 README.md | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 246eef880..ff9c13464 100644
--- a/README.md
+++ b/README.md
@@ -116,9 +116,9 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I
 * [Monitor the activity](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#keep-a-log) of the credentials used in GitHub Actions workflows.

 ## Permissions
-
-This action requires the following minimum set of permissions:
-
+
+Running a service requires the following minimum set of permissions:
+
 ```json
 {
 "Version":"2012-10-17",
@@ -156,7 +156,38 @@ This action requires the following minimum set of permissions:
 ]
 }
 ```
-
+
+Running a one-off/stand-alone task requires the following minimum set of permissions:
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "RegisterTaskDefinition and runTask",
+ "Effect": "Allow",
+ "Action": [
+ "ecs:RunTask",
+ "ecs:RegisterTaskDefinition",
+ "ecs:DescribeTasks"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid":"PassRolesInTaskDefinition",
+ "Effect":"Allow",
+ "Action":[
+ "iam:PassRole"
+ ],
+ "Resource":[
+ "arn:aws:iam:::role/",
+ "arn:aws:iam:::role/"
+ ]
+ }
+ ]
+}
+
+```
 Note: the policy above assumes the account has opted in to the ECS long ARN format.

 ## AWS CodeDeploy Support
From 810476dfa49c5cc8564b1c0fd3aee70cfb704628 Mon Sep 17 00:00:00 2001
From: Sherlyn Saavedra
Date: Thu, 8 Aug 2024 11:09:37 -0400
Subject: [PATCH 2/4] updated README.md file with recommended pr changes
---
 README.md | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index ff9c13464..7ecf6d4ca 100644
--- a/README.md
+++ b/README.md
@@ -116,9 +116,7 @@ We recommend following [Amazon IAM best practices](https://docs.aws.amazon.com/I
 * [Monitor the activity](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#keep-a-log) of the credentials used in GitHub Actions workflows.

 ## Permissions
-
 Running a service requires the following minimum set of permissions:
-
 ```json
 {
 "Version":"2012-10-17",
@@ -164,7 +162,7 @@ Running a one-off/stand-alone task requires the following minimum set of permiss
 "Version": "2012-10-17",
 "Statement": [
 {
- "Sid": "RegisterTaskDefinition and runTask",
+ "Sid": "VisualEditor0",
 "Effect": "Allow",
 "Action": [
 "ecs:RunTask",
@@ -174,15 +172,15 @@ Running a one-off/stand-alone task requires the following minimum set of permiss
 "Resource": "*"
 },
 {
- "Sid":"PassRolesInTaskDefinition",
- "Effect":"Allow",
- "Action":[
- "iam:PassRole"
- ],
- "Resource":[
- "arn:aws:iam:::role/",
- "arn:aws:iam:::role/"
- ]
+ "Sid": "PassRolesInTaskDefinition",
+ "Effect":"Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource":[
+ "arn:aws:iam:::role/",
+ "arn:aws:iam:::role/"
+ ]
 }
 ]
 }
From 265719a5febc48fcaaa5433c1a6e4c558fb002b0 Mon Sep 17 00:00:00 2001
From: Sherlyn Saavedra
Date: Thu, 8 Aug 2024 11:25:42 -0400
Subject: [PATCH 3/4] fixed spacing for README.md file
---
 README.md | 49 ++++++++++++++++++++++++-------------------------
 1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/README.md b/README.md
index 7ecf6d4ca..66a969fa0 100644
--- a/README.md
+++ b/README.md
@@ -159,32 +159,31 @@ Running a one-off/stand-alone task requires the following minimum set of permiss

 ```json
 {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "ecs:RunTask",
- "ecs:RegisterTaskDefinition",
- "ecs:DescribeTasks"
- ],
- "Resource": "*"
- },
- {
- "Sid": "PassRolesInTaskDefinition",
- "Effect":"Allow",
- "Action": [
- "iam:PassRole"
- ],
- "Resource":[
- "arn:aws:iam:::role/",
- "arn:aws:iam:::role/"
- ]
- }
- ]
+ "Version": "2012-10-17",
+ "Statement":[
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action":[
+ "ecs:RunTask",
+ "ecs:RegisterTaskDefinition",
+ "ecs:DescribeTasks"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "PassRolesInTaskDefinition",
+ "Effect":"Allow",
+ "Action":[
+ "iam:PassRole"
+ ],
+ "Resource":[
+ "arn:aws:iam:::role/",
+ "arn:aws:iam:::role/"
+ ]
+ }
+ ]
 }
-
 ```
 Note: the policy above assumes the account has opted in to the ECS long ARN format.

From 850825e72f63d3844674ba48e667b6bea851082e Mon Sep 17 00:00:00 2001
From: Sherlyn Saavedra
Date: Thu, 8 Aug 2024 15:37:37 -0400
Subject: [PATCH 4/4] fixed extra space for README.md file
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 66a969fa0..d6646af3f 100644
--- a/README.md
+++ b/README.md
@@ -156,7 +156,6 @@ Running a service requires the following minimum set of permissions:
 ```

 Running a one-off/stand-alone task requires the following minimum set of permissions:
-
 ```json
 {
 "Version": "2012-10-17",