update policy attachments

threnjen · Dec 2, 2024 · bc28e2b · bc28e2b
1 parent e0683e4
commit bc28e2b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 12 deletions.
diff --git a/aws_terraform_bgg/iam_ecs_role.tf b/aws_terraform_bgg/iam_ecs_role.tf
@@ -117,7 +117,7 @@ resource "aws_iam_role_policy_attachment" "trigger_bgg_lambda_run_attach_to_orch
   policy_arn = aws_iam_policy.lambda_direct_permissions.arn
 }
 
-resource "aws_iam_role_policy_attachment" "ecs_run_attach_cleaner_to_orchestrator" {
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_game_cleaner_to_orchestrator" {
   role       = module.bgg_orchestrator_FargateTaskRole_role.name
   policy_arn = aws_iam_policy.ecs_run_permissions_bgg_game_data_cleaner.arn
 }
@@ -127,6 +127,16 @@ resource "aws_iam_role_policy_attachment" "ecs_run_attach_scraper_to_orchestrato
   policy_arn = aws_iam_policy.ecs_run_permissions_bgg_scraper.arn
 }
 
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_ratings_cleaner_to_orchestrator" {
+  role       = module.bgg_orchestrator_FargateTaskRole_role.name
+  policy_arn = aws_iam_policy.ecs_run_permissions_bgg_ratings_data_cleaner.arn
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_user_cleaner_to_orchestrator" {
+  role       = module.bgg_orchestrator_FargateTaskRole_role.name
+  policy_arn = aws_iam_policy.ecs_run_permissions_bgg_users_data_cleaner.arn
+}
+
 
 module "bgg_users_data_cleaner_FargateTaskRole_role" {
   source          = "./modules/iam_ecs_roles"

diff --git a/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf b/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf
@@ -30,11 +30,6 @@ resource "aws_iam_role_policy_attachment" "AWSAppRunnerServicePolicyForECRAccess
   policy_arn = var.AWSAppRunnerServicePolicyForECRAccess
 }
 
-resource "aws_iam_role_policy_attachment" "CloudWatchLogsFullAccess_FargateExecutionRole" {
-  role       = aws_iam_role.fargate_task_definition.name
-  policy_arn = var.CloudWatchLogsFullAccess
-}
-
 resource "aws_iam_role_policy_attachment" "CloudWatchFullAccessV2_FargateExecutionRole" {
   role       = aws_iam_role.fargate_task_definition.name
   policy_arn = var.CloudWatchFullAccessV2

diff --git a/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf b/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf
@@ -15,12 +15,6 @@ variable "AWSAppRunnerServicePolicyForECRAccess" {
   default     = "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess"
 }
 
-variable "CloudWatchLogsFullAccess" {
-  description = "The ARN of the CloudWatchLogsFullAccess"
-  type        = string
-  default     = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
-}
-
 variable "CloudWatchFullAccessV2" {
   description = "The ARN of the CloudWatchFullAccessV2"
   type        = string