feat: Updating default ECS policies to allow for Tagging (#130)

serialh0bbyist · web-flow · commit 0e246a590122 · 2024-08-03T09:23:21.000-05:00
diff --git a/examples/with-schedules/README.md b/examples/with-schedules/README.md
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.27 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.53 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |
 
diff --git a/iam.tf b/iam.tf
@@ -232,9 +232,12 @@ data "aws_iam_policy_document" "ecs" {
   count = local.create_role && var.attach_ecs_policy ? 1 : 0
 
   statement {
-    sid       = "ECSAccess"
-    effect    = "Allow"
-    actions   = ["ecs:RunTask"]
+    sid    = "ECSAccess"
+    effect = "Allow"
+    actions = [
+      "ecs:RunTask",
+      "ecs:TagResource"
+    ]
     resources = [for arn in var.ecs_target_arns : replace(arn, "/:\\d+$/", ":*")]
   }
 
diff --git a/iam_pipes.tf b/iam_pipes.tf
@@ -260,7 +260,8 @@ locals {
 
     ecs = {
       actions = [
-        "ecs:RunTask"
+        "ecs:RunTask",
+        "ecs:TagResource"
       ]
     }
 
