Difference between revisions of "ECS execution policy"
Jump to navigation
Jump to search
| Line 31: | Line 31: | ||
== Related == | == Related == | ||
* [[AWS managed policy: AmazonECSTaskExecutionRolePolicy]] | * [[AWS managed policy: AmazonECSTaskExecutionRolePolicy]] | ||
| − | + | * "[[ssm:]]GetParameters", | |
| + | * "[[secretsmanager:]]GetSecretValue", | ||
| + | * "[[kms:]]Decrypt" | ||
{{aws_iam_policy}} | {{aws_iam_policy}} | ||
Latest revision as of 16:03, 29 May 2023
resource "aws_iam_policy" "ecs_policy" {
name = "your-task-ecs-execution-policy"
description = "ECS execution policy"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ssm:GetParameters",
"secretsmanager:GetSecretValue",
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
Related[edit]
- AWS managed policy: AmazonECSTaskExecutionRolePolicy
- "ssm:GetParameters",
- "secretsmanager:GetSecretValue",
- "kms:Decrypt"
Terraform resource: aws_iam_policy, AmazonECSTaskExecutionRolePolicy
Advertising:
