ECS Deploy Runner Invoke IAM Policies module
This Terraform Module defines an IAM policy that grants the minimal set of permissions necessary to trigger a deployment event for the deployment pipeline implemented in the ecs-deploy-runner module.
Attaching IAM policy to IAM roles
To attach the IAM policy from this module to an IAM role, you can use the invoke_policy_arn output with the aws_iam_role_policy_attachment resource. For example, the following attaches the policy to a custom IAM role defined in the same Terraform module:
module "ecs_deploy_runner_invoke_iam_policies" {
  # (arguments omitted)
}

resource "aws_iam_role" "example" {
  # (arguments omitted)
}

# Attach the invoke policy to the role. aws_iam_role_policy_attachment
# accepts only the role and policy_arn arguments.
resource "aws_iam_role_policy_attachment" "example" {
  role       = aws_iam_role.example.name
  policy_arn = module.ecs_deploy_runner_invoke_iam_policies.invoke_policy_arn
}
Sample Usage
Terraform

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S ECS-DEPLOY-RUNNER-INVOKE-IAM-POLICY MODULE
# ------------------------------------------------------------------------------------------------------

module "ecs_deploy_runner_invoke_iam_policy" {

  source = "git::git@github.com:gruntwork-io/terraform-aws-ci.git//modules/ecs-deploy-runner-invoke-iam-policy?ref=v0.59.1"

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name of the CloudWatch Log Group that is used to store the logs for the
  # ECS Deploy Runner tasks.
  deploy_runner_cloudwatch_log_group_name = <string>

  # ARN of the ECS Cluster that is used to run the ECS Deploy Runner tasks.
  deploy_runner_ecs_cluster_arn = <string>

  # ARN of the AWS Lambda function that can be used to invoke the ECS Deploy
  # Runner.
  deploy_runner_invoker_lambda_function_arn = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name to use for the IAM policy that is created.
  name = "invoke-ecs-deploy-runner"

}

Terragrunt

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S ECS-DEPLOY-RUNNER-INVOKE-IAM-POLICY MODULE
# ------------------------------------------------------------------------------------------------------

terraform {
  source = "git::git@github.com:gruntwork-io/terraform-aws-ci.git//modules/ecs-deploy-runner-invoke-iam-policy?ref=v0.59.1"
}

inputs = {

  # ----------------------------------------------------------------------------------------------------
  # REQUIRED VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name of the CloudWatch Log Group that is used to store the logs for the
  # ECS Deploy Runner tasks.
  deploy_runner_cloudwatch_log_group_name = <string>

  # ARN of the ECS Cluster that is used to run the ECS Deploy Runner tasks.
  deploy_runner_ecs_cluster_arn = <string>

  # ARN of the AWS Lambda function that can be used to invoke the ECS Deploy
  # Runner.
  deploy_runner_invoker_lambda_function_arn = <string>

  # ----------------------------------------------------------------------------------------------------
  # OPTIONAL VARIABLES
  # ----------------------------------------------------------------------------------------------------

  # The name to use for the IAM policy that is created.
  name = "invoke-ecs-deploy-runner"

}
Reference
- Inputs
- Outputs
Required

deploy_runner_cloudwatch_log_group_name
string
The name of the CloudWatch Log Group that is used to store the logs for the ECS Deploy Runner tasks.

deploy_runner_ecs_cluster_arn
string
ARN of the ECS Cluster that is used to run the ECS Deploy Runner tasks.

deploy_runner_invoker_lambda_function_arn
string
ARN of the AWS Lambda function that can be used to invoke the ECS Deploy Runner.

Optional

name
string
The name to use for the IAM policy that is created.
Default: "invoke-ecs-deploy-runner"