# Attach the ECR read policy to the IAM role that the nomad cluster module
# already created for the nomad clients.
# This policy attachment is what grants the nomad clients read access to AWS ECR.
resource "aws_iam_role_policy_attachment" "irpa_ecr_read_access" {
  # FIXME: Because of this constellation it is not possible to provide the ECR access configuration as module.
  # The role is not created in this file; it is taken from the data_center
  # module's iam_role_id output.
  # NOTE(review): everything that runs under this role inherits the ECR read
  # permissions attached here. Presumably this is the instance role shared by
  # all nomad clients (and therefore by all jobs scheduled on them) - confirm
  # against the module.
  role = module.data_center.iam_role_id
  # ARN of the customer-managed policy defined in aws_iam_policy.ip_ecr_read_access.
  policy_arn = aws_iam_policy.ip_ecr_read_access.arn
}
# Customer-managed IAM policy that carries the ECR read statement rendered from
# data.aws_iam_policy_document.ipd_ecr_read_access.
resource "aws_iam_policy" "ip_ecr_read_access" {
  # NOTE(review): the name is built only from stack name, datacenter name and
  # postfix and carries no purpose marker such as "ecr-read". IAM policy names
  # have to be unique within the account, so a second policy following the same
  # naming scheme would collide, and the policy is harder to recognise during
  # an access review. Confirm whether a suffix is intended.
  name = "${var.stack_name}-${var.datacenter_name}${var.unique_postfix}"
  # JSON document produced by the policy-document data source.
  policy = data.aws_iam_policy_document.ipd_ecr_read_access.json
}
# Policy document with the pull-side ECR actions only: obtain a registry
# authorization token, check layer availability, get layer download URLs and
# fetch image manifests. No push, delete or repository-management actions are
# listed.
data "aws_iam_policy_document" "ipd_ecr_read_access" {
  statement {
    # No effect is set, so the data source default ("Allow") applies.
    actions = [
      # Registry login token. This action does not support resource-level
      # permissions, so it can only be granted on "*".
      "ecr:GetAuthorizationToken",
      # The three actions below do support repository ARNs as resource.
      "ecr:BatchCheckLayerAvailability",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
    ]
    # NOTE(review): "*" allows the role to pull images from every ECR
    # repository it can reach, not only the ones the nomad jobs need. For least
    # privilege, split this into two statements: keep
    # ecr:GetAuthorizationToken on "*" and restrict the three pull actions to
    # the required repository ARNs, e.g.
    # arn:aws:ecr:<region>:<account-id>:repository/<repo-name> (placeholder).
    resources = ["*"]
  }
}