From bc28e2bfce2ce20e2713bc72df02ad6d620a0188 Mon Sep 17 00:00:00 2001
From: threnjen
Date: Sun, 1 Dec 2024 16:35:13 -0800
Subject: [PATCH] update policy attachments
---
 aws_terraform_bgg/iam_ecs_role.tf | 12 +++++++++++-
 aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf | 5 -----
 aws_terraform_bgg/modules/iam_ecs_roles/variables.tf | 6 ------
 3 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/aws_terraform_bgg/iam_ecs_role.tf b/aws_terraform_bgg/iam_ecs_role.tf
index e7b5cc5..ef43e45 100644
--- a/aws_terraform_bgg/iam_ecs_role.tf
+++ b/aws_terraform_bgg/iam_ecs_role.tf
@@ -117,7 +117,7 @@ resource "aws_iam_role_policy_attachment" "trigger_bgg_lambda_run_attach_to_orch
 policy_arn = aws_iam_policy.lambda_direct_permissions.arn
 }
-resource "aws_iam_role_policy_attachment" "ecs_run_attach_cleaner_to_orchestrator" {
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_game_cleaner_to_orchestrator" {
 role = module.bgg_orchestrator_FargateTaskRole_role.name
 policy_arn = aws_iam_policy.ecs_run_permissions_bgg_game_data_cleaner.arn
 }
@@ -127,6 +127,16 @@ resource "aws_iam_role_policy_attachment" "ecs_run_attach_scraper_to_orchestrato
 policy_arn = aws_iam_policy.ecs_run_permissions_bgg_scraper.arn
 }
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_ratings_cleaner_to_orchestrator" {
+ role = module.bgg_orchestrator_FargateTaskRole_role.name
+ policy_arn = aws_iam_policy.ecs_run_permissions_bgg_ratings_data_cleaner.arn
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_run_attach_user_cleaner_to_orchestrator" {
+ role = module.bgg_orchestrator_FargateTaskRole_role.name
+ policy_arn = aws_iam_policy.ecs_run_permissions_bgg_users_data_cleaner.arn
+}
+
 module "bgg_users_data_cleaner_FargateTaskRole_role" {
 source = "./modules/iam_ecs_roles"
diff --git a/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf b/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf
index e873187..bf46481 100644
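Review bot: Renaming the attachment from `ecs_run_attach_cleaner_to_orchestrator` to `ecs_run_attach_game_cleaner_to_orchestrator` changes its Terraform address, so without a state move the plan will presumably show one attachment destroyed and one created for the same role and policy. Because both addresses point at the same role/policy pair, the order of those two operations matters: if the detach runs after the attach, the orchestrator role can end up without `ecs_run_permissions_bgg_game_data_cleaner` while state still records it as attached. A `moved` block with `from = aws_iam_role_policy_attachment.ecs_run_attach_cleaner_to_orchestrator` and `to = aws_iam_role_policy_attachment.ecs_run_attach_game_cleaner_to_orchestrator` (or a `terraform state mv` before apply) keeps the rename a no-op. Check that the plan shows no destroy for this resource before applying.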
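Review bot: The two new attachments widen what `module.bgg_orchestrator_FargateTaskRole_role` can launch, but the policies they reference, `ecs_run_permissions_bgg_ratings_data_cleaner` and `ecs_run_permissions_bgg_users_data_cleaner`, are defined outside this diff, so their scope cannot be reviewed here. Run-task policies usually pair `ecs:RunTask` with `iam:PassRole`, so it is worth confirming that each one names only its own task definition and task/execution role ARNs and restricts PassRole with the `iam:PassedToService` condition set to `ecs-tasks.amazonaws.com`, rather than `Resource = "*"`. Once that is verified, a short comment above the group such as `# Orchestrator may start only these ECS tasks; each policy is scoped to one task definition` would record the intent. The label `ecs_run_attach_user_cleaner_to_orchestrator` also says `user` where the policy and the module below say `users`; matching them keeps the resource addresses easy to search.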
--- a/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf
+++ b/aws_terraform_bgg/modules/iam_ecs_roles/ecs_roles.tf
@@ -30,11 +30,6 @@ resource "aws_iam_role_policy_attachment" "AWSAppRunnerServicePolicyForECRAccess
 policy_arn = var.AWSAppRunnerServicePolicyForECRAccess
 }
-resource "aws_iam_role_policy_attachment" "CloudWatchLogsFullAccess_FargateExecutionRole" {
- role = aws_iam_role.fargate_task_definition.name
- policy_arn = var.CloudWatchLogsFullAccess
-}
-
 resource "aws_iam_role_policy_attachment" "CloudWatchFullAccessV2_FargateExecutionRole" {
 role = aws_iam_role.fargate_task_definition.name
 policy_arn = var.CloudWatchFullAccessV2
diff --git a/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf b/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf
index e723ada..082de47 100644
--- a/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf
+++ b/aws_terraform_bgg/modules/iam_ecs_roles/variables.tf
@@ -15,12 +15,6 @@ variable "AWSAppRunnerServicePolicyForECRAccess" {
 default = "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess"
 }
-variable "CloudWatchLogsFullAccess" {
- description = "The ARN of the CloudWatchLogsFullAccess"
- type = string
- default = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
-}
-
 variable "CloudWatchFullAccessV2" {
 description = "The ARN of the CloudWatchFullAccessV2"
 type = string