Added iam user policy permissions to describe taskdef (#1119)

rajkpammi · PEFE · web-flow · commit bd1f549b4d97 · 2021-09-20T10:20:25.000-04:00
Co-authored-by: PEFE &lt;kiran.pammi@semanticbits.com&gt;
diff --git a/infrastructure/terraform/dev/iam-ecs-gh/iam-gh-ecs.tf b/infrastructure/terraform/dev/iam-ecs-gh/iam-gh-ecs.tf
@@ -0,0 +1,50 @@
+terraform {
+    required_version = "0.13.7"
+    required_providers {
+        aws = {
+            source = "hashicorp/aws"
+            version = "=3.52.0"
+        }
+    }
+}
+
+provider "aws" {
+    region = "us-east-1"
+}
+
+terraform {
+  backend "s3" {
+    bucket  = "qppsf-conversion-tool-tf-state"
+    key     = "qppsf/qppsf-iam-ecs-gh-tf-state"
+    region  = "us-east-1"
+    encrypt = "true"
+  }
+}
+
+data "aws_caller_identity" "current" {}
+
+
+resource "aws_iam_user" "github-actions-ecr" {
+	name = "github-actions-ecr"
+}
+
+#IAM policy to describe task definition
+resource "aws_iam_user_policy" "ecsgithub" {
+  name = "ecs-github-describetask"
+  user = aws_iam_user.github-actions-ecr.name
+
+policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        "Sid": "githubecs",
+        Action = [
+          "ecs:DescribeTaskDefinition",
+        ]
+        Effect   = "Allow"
+        Resource = "*"
+      },
+    ]
+  })
+}
+
