# aws
b
you need to add a RolePolicyAttachment that allows ecr to your role, you're on the right track there
n
Do you mean this is all I need?
const role = new aws.iam.Role("myrole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "ec2.amazonaws.com" }),
});

const instanceProfile = new aws.iam.InstanceProfile("instanceProfile", {role: role.name});

const server = new aws.ec2.Instance("webserver-www", {
    ami: ami.id,
    iamInstanceProfile: instanceProfile,
});
That compiles, but 1) doesn't mention RolePolicyAttachment and also, I'm not sure it's the right approach for enabling the EC2 instance to pull images from ECR. Am I on the right track?
b
No, I’ll send an example shortly just on dog walking duty
@nice-lamp-12786 you need to add the following:
const rpa = new aws.iam.RolePolicyAttachment('ecr-access',
        { policyArn: 'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess', role: role.id }, { parent: role }
    );
n
@billowy-army-68599 Thank you! I've never seen the parent thing... it looks like you are using RolePolicyAttachment to add 2 rules/objects? But what is the second one? And what is the iamRole in this context (in my code above, is it my const role =)?
b
parent just makes the output look nice. This only adds one RolePolicyAttachment - I've updated it to reference your role, sorry just copied and pasted it and forgot to edit, hope it makes more sense now
n
Oh, interesting. Thank you!