Skip to main content
CI Modules 0.54.0Last updated in version 0.52.17

ECS Deploy Runner Invoke IAM Policies module

View SourceRelease Notes

This Terraform Module defines an IAM policy that defines the minimal set of permissions necessary to trigger a deployment event for the deployment pipeline implemented in the ecs-deploy-runner module.

Attaching IAM policy to IAM roles

To attach the IAM policy from this module to an IAM role, you can use the invoke_policy_arn output with the aws_iam_role_policy_attachment resource. For example, the following attaches the policy to a custom IAM role defined in the same terraform module:

module "ecs_deploy_runner_invoke_iam_policies" {
  # (arguments omitted)
}

resource "aws_iam_role" "example" {
  # (arguments omitted)
}

resource "aws_iam_role_policy_attachment" "example" {
  name = "attach-ecs-deploy-runner-invoke-policy"
  role = aws_iam_role.example.name
  policy_arn = module.ecs_deploy_runner_invoke_iam_policies.invoke_policy_arn
}

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S ECS-DEPLOY-RUNNER-INVOKE-IAM-POLICY MODULE
# ------------------------------------------------------------------------------------------------------

module "ecs_deploy_runner_invoke_iam_policy" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-ci.git//modules/ecs-deploy-runner-invoke-iam-policy?ref=v0.54.0"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name of the CloudWatch Log Group that is used to store the logs for the
  # ECS Deploy Runner tasks.
  deploy_runner_cloudwatch_log_group_name = <string>

  # ARN of the ECS Cluster that is used to run the ECS Deploy Runner tasks.
  deploy_runner_ecs_cluster_arn = <string>

  # ARN of the AWS Lambda function that can be used to invoke the ECS Deploy
  # Runner.
  deploy_runner_invoker_lambda_function_arn = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name to use for the IAM policy that is created.
  name = "invoke-ecs-deploy-runner"

}


Reference

Required

The name of the CloudWatch Log Group that is used to store the logs for the ECS Deploy Runner tasks.

ARN of the ECS Cluster that is used to run the ECS Deploy Runner tasks.

ARN of the AWS Lambda function that can be used to invoke the ECS Deploy Runner.

Optional

namestringoptional

The name to use for the IAM policy that is created.

"invoke-ecs-deploy-runner"