sparse-intern-71089
08/20/2020, 4:14 AMnice-airport-15607
08/20/2020, 5:03 AMquaint-guitar-13446
08/20/2020, 6:10 AMquaint-guitar-13446
08/20/2020, 6:10 AMnice-airport-15607
08/20/2020, 6:41 AMassumeRolePolicy
in https://www.pulumi.com/docs/reference/pkg/aws/lambda/permission/#basic-example
should look something like
[
{
"Action": [
"ssm:GetParametersByPath",
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:${region}:${accountId}:*",
"arn:aws:ssm:${region}:${accountId}:parameter:*",
"arn:aws:secretsmanager:${region}:${accountId}:secret:*"
]
}, {
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource":[
"arn:aws:secretsmanager:${region}:${accountId}:*",
"arn:aws:secretsmanager:${region}:${accountId}:secret:*"
]
}
]
for you…quaint-guitar-13446
08/20/2020, 6:52 AMquaint-guitar-13446
08/20/2020, 6:53 AMnice-airport-15607
08/20/2020, 7:04 AMquaint-guitar-13446
08/20/2020, 7:25 AMquaint-guitar-13446
08/20/2020, 11:53 PMexecutionRole
on the taskDefinitionArgs
for the fargate service.
The role is basically the ecs-tasks assumed role, with AmazonECSTaskExecutionRolePolicy
and AmazonSSMReadOnlyAccess
policies attached