github.com/in4it/ecs-deploy@v0.0.42-0.20240508120354-ed77ff16df25/templates/iam/ecs-deploy-task.json

github.com/in4it/ecs-deploy@v0.0.42-0.20240508120354-ed77ff16df25/templates/iam/ecs-deploy-task.json (about)

     1  {
     2    "Version": "2012-10-17",
     3    "Statement": [
     4      {
     5        "Effect": "Allow",
     6        "Action": [
     7          "ecs:DeregisterContainerInstance",
     8          "ecs:DiscoverPollEndpoint",
     9          "ecs:Poll",
    10          "ecs:RegisterContainerInstance",
    11          "ecs:StartTelemetrySession",
    12          "ecs:Submit*",
    13          "ecs:StartTask",
    14          "ecs:Describe*",
    15          "ecs:List*",
    16          "ecs:UpdateService",
    17          "ecs:CreateService",
    18          "ecs:RegisterTaskDefinition",
    19          "ecs:UpdateContainerInstancesState",
    20          "ecr:GetAuthorizationToken",
    21          "ecr:BatchCheckLayerAvailability",
    22          "ecr:GetDownloadUrlForLayer",
    23          "ecr:GetRepositoryPolicy",
    24          "ecr:DescribeRepositories",
    25          "ecr:ListImages",
    26          "ecr:DescribeImages",
    27          "ecr:BatchGetImage",
    28          "ecr:InitiateLayerUpload",
    29          "ecr:UploadLayerPart",
    30          "ecr:CompleteLayerUpload",
    31          "ecr:PutImage",
    32          "ecr:CreateRepository",
    33          "elasticloadbalancing:Describe*",
    34          "elasticloadbalancing:CreateRule",
    35          "elasticloadbalancing:DeleteRule",
    36          "elasticloadbalancing:CreateTargetGroup",
    37          "elasticloadbalancing:DeleteTargetGroup",
    38          "elasticloadbalancing:ModifyTargetGroupAttributes",
    39          "acm:DescribeCertificate",
    40          "autoscaling:DescribeAutoScalingGroups",
    41          "autoscaling:DescribeLifecycleHooks",
    42          "autoscaling:DescribeAutoScalingNotificationTypes",
    43          "autoscaling:UpdateAutoScalingGroup",
    44          "autoscaling:CompleteLifecycleAction",
    45          "logs:GetLogEvents",
    46          "ec2:DescribeTags",
    47          "cloudwatch:PutMetricAlarm",
    48          "cloudwatch:DescribeAlarms",
    49          "cloudwatch:DeleteAlarms",
    50          "application-autoscaling:PutScalingPolicy",
    51          "application-autoscaling:RegisterScalableTarget",
    52          "application-autoscaling:DeregisterScalableTarget",
    53          "application-autoscaling:DescribeScalableTargets",
    54          "application-autoscaling:DescribeScalingPolicies",
    55          "application-autoscaling:DeleteScalingPolicy"
    56        ],
    57        "Resource": "*"
    58      },
    59      {
    60        "Effect": "Allow",
    61        "Action": [
    62            "iam:CreateRole",
    63            "iam:AttachRolePolicy",
    64            "iam:PutRolePolicy",
    65            "iam:GetRole",
    66            "iam:PassRole"
    67        ],
    68        "Resource": "arn:aws:iam::*:role/ecs-*"
    69      },
    70      {
    71        "Effect": "Allow",
    72        "Action": [
    73            "dynamodb:*"
    74        ],
    75        "Resource": [
    76          "arn:aws:dynamodb:${AWS_REGION}:${ACCOUNT_ID}:table/Services",
    77          "arn:aws:dynamodb:${AWS_REGION}:${ACCOUNT_ID}:table/Services/*"
    78        ]
    79      }
    80    ]
    81  }