Comments (1)
@Defozo
good question!
The module creates the IAM role here https://github.com/cloudposse/terraform-aws-ecs-codepipeline/blob/master/main.tf#L28
`data "aws_iam_policy_document" "assume"` does not say a user has a policy document, it's just a Terraform way to create policy documents instead of using JSON files.
This is used here https://github.com/cloudposse/terraform-aws-ecs-codepipeline/blob/master/main.tf#L31, converting it to JSON and specifying a policy to allow the `codepipeline.amazonaws.com` service to assume the created IAM role.
Same is here https://github.com/cloudposse/terraform-aws-ecs-codepipeline/blob/master/main.tf#L63 which creates a policy document, then creates a policy resource here https://github.com/cloudposse/terraform-aws-ecs-codepipeline/blob/master/main.tf#L60, then attaches the policy to the role here https://github.com/cloudposse/terraform-aws-ecs-codepipeline/blob/master/main.tf#L86
In short, you create:
- A policy document using `data "aws_iam_policy_document"` (which is just another format for JSON files)
- A policy from the policy document
- Attach the policy to the role
Thanks
(will close for now, please reopen if you have more questions)
from terraform-aws-ecs-codepipeline.
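The pattern described in the comment above (trust policy on the role, then policy document, policy, attachment), as an added Terraform example that is not part of the original comment and is not the module's own code. The resource labels, role and policy names, bucket ARN and S3 actions are assumptions chosen for illustration.

```hcl
# Trust policy: states WHO may assume the role. Nothing is attached to a
# user here; the data source only renders an IAM policy document as JSON.
data "aws_iam_policy_document" "assume" {
  statement {
    sid     = "AllowCodePipelineAssume"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["codepipeline.amazonaws.com"]
    }
  }
}

# The role itself. The .json attribute converts the document to the JSON
# string that assume_role_policy expects.
resource "aws_iam_role" "example" {
  name               = "example-codepipeline-role" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Step 1: a permissions policy document (WHAT the role may do).
# Actions and bucket ARN are constructed placeholders, scoped to one bucket.
data "aws_iam_policy_document" "artifacts" {
  statement {
    sid       = "ArtifactBucketObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::example-artifact-bucket/*"]
  }
}

# Step 2: a managed policy created from that document.
resource "aws_iam_policy" "artifacts" {
  name   = "example-codepipeline-artifacts" # hypothetical name
  policy = data.aws_iam_policy_document.artifacts.json
}

# Step 3: attach the policy to the role.
resource "aws_iam_role_policy_attachment" "artifacts" {
  role       = aws_iam_role.example.name
  policy_arn = aws_iam_policy.artifacts.arn
}
```

Running `terraform plan` on this shows both rendered JSON documents, which is the quickest way to review exactly which principal is trusted and which actions and resources are granted before anything is applied.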