feat: Adding IAM PassRole for ECS tasks as it is required for Fargate (#24)

kalosisz · web-flow · commit 37206c848f56 · 2021-09-15T21:09:56.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 <a name="unreleased"></a>
 ## [Unreleased]
 
+- feat: adding PassRole for ECS tasks as it is required for Fargate ([#24](https://github.com/terraform-aws-modules/terraform-aws-step-functions/issues/24))
 
 
 <a name="v2.4.0"></a>
diff --git a/locals.tf b/locals.tf
@@ -250,6 +250,19 @@ locals {
         default_resources = ["*"]
       }
 
+      iam_PassRole = {
+        actions = [
+          "iam:PassRole"
+        ]
+        condition = [
+          {
+            test     = "StringEquals"
+            variable = "iam:PassedToService"
+            values   = ["ecs-tasks.amazonaws.com"]
+          }
+        ]
+      }
+
       events = {
         actions = [
           "events:PutTargets",
@@ -265,6 +278,19 @@ locals {
           "ecs:RunTask"
         ]
       }
+
+      iam_PassRole = {
+        actions = [
+          "iam:PassRole"
+        ]
+        condition = [
+          {
+            test     = "StringEquals"
+            variable = "iam:PassedToService"
+            values   = ["ecs-tasks.amazonaws.com"]
+          }
+        ]
+      }
     }
 
     # https://docs.aws.amazon.com/step-functions/latest/dg/glue-iam.html
