Revert "Restrict autoscaling privileges to AWSBatch* resources (#12)" (#19)

olivermeyer · web-flow · commit 75f21f94c5b8 · 2022-04-22T07:04:25.000-07:00
This reverts commit ca3d5d3.
diff --git a/modules/computation/iam-batch-execution.tf b/modules/computation/iam-batch-execution.tf
@@ -75,7 +75,16 @@ data "aws_iam_policy_document" "custom_access_policy" {
       "autoscaling:DescribeAutoScalingGroups",
       "autoscaling:DescribeLaunchConfigurations",
       "autoscaling:DescribeAutoScalingInstances",
+      "autoscaling:CreateLaunchConfiguration",
+      "autoscaling:CreateAutoScalingGroup",
+      "autoscaling:UpdateAutoScalingGroup",
+      "autoscaling:SetDesiredCapacity",
+      "autoscaling:DeleteLaunchConfiguration",
+      "autoscaling:DeleteAutoScalingGroup",
       "autoscaling:CreateOrUpdateTags",
+      "autoscaling:SuspendProcesses",
+      "autoscaling:PutNotificationConfiguration",
+      "autoscaling:TerminateInstanceInAutoScalingGroup",
       "ecs:DescribeClusters",
       "ecs:DescribeContainerInstances",
       "ecs:DescribeTaskDefinition",
@@ -108,37 +117,6 @@ data "aws_iam_policy_document" "custom_access_policy" {
       "*"
     ]
   }
-
-  statement {
-    actions = [
-      "autoscaling:CreateLaunchConfiguration",
-      "autoscaling:DeleteLaunchConfiguration",
-    ]
-
-    effect = "Allow"
-
-    resources = [
-      "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*"
-    ]
-  }
-
-  statement {
-    actions = [
-      "autoscaling:CreateAutoScalingGroup",
-      "autoscaling:UpdateAutoScalingGroup",
-      "autoscaling:SetDesiredCapacity",
-      "autoscaling:DeleteAutoScalingGroup",
-      "autoscaling:SuspendProcesses",
-      "autoscaling:PutNotificationConfiguration",
-      "autoscaling:TerminateInstanceInAutoScalingGroup",
-    ]
-
-    effect = "Allow"
-
-    resources = [
-      "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*"
-    ]
-  }
 }
 
 data "aws_iam_policy_document" "iam_custom_policies" {
