update ecs_task policy resource names to conform to naming convention…
…s, add comments to batch/variables
avrohomgottlieb committed Nov 4, 2024
1 parent cfde68e commit d308bc5
Showing 4 changed files with 16 additions and 8 deletions.
1 change: 1 addition & 0 deletions infrastructure/batch.tf
Expand Up @@ -17,6 +17,7 @@ module "batch" {
# security
scpca_portal_db_security_group = aws_security_group.scpca_portal_db

# general configuration
user = var.user
stage = var.stage
default_tags = var.default_tags
2 changes: 1 addition & 1 deletion infrastructure/batch/job_definition.tf
Expand Up @@ -79,7 +79,7 @@ resource "aws_batch_job_definition" "scpca_portal_project" {
sizeInGib = 200
}

executionRoleArn = aws_iam_role.ecs_task_execution_role.arn
executionRoleArn = aws_iam_role.ecs_task_role.arn
})

retry_strategy {
14 changes: 7 additions & 7 deletions infrastructure/batch/roles.tf
Expand Up @@ -23,7 +23,7 @@ resource "aws_iam_role_policy_attachment" "batch_service_role" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole"
}

resource "aws_iam_role" "ecs_task_execution_role" {
resource "aws_iam_role" "ecs_task_role" {
name = "scpca-portal-ecs-task-role-${var.user}-${var.stage}"

assume_role_policy = <<EOF
Expand All @@ -44,12 +44,12 @@ EOF
tags = var.default_tags
}

resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
role = aws_iam_role.ecs_task_execution_role.name
resource "aws_iam_role_policy_attachment" "ecs_task_execution" {
role = aws_iam_role.ecs_task_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

resource "aws_iam_policy" "ecs_task_s3_access_policy" {
resource "aws_iam_policy" "ecs_task_s3_access" {
name = "scpca-portal-ecs-task-s3-access-${var.user}-${var.stage}"

policy = <<EOF
Expand All @@ -75,7 +75,7 @@ resource "aws_iam_policy" "ecs_task_s3_access_policy" {
EOF
}

resource "aws_iam_role_policy_attachment" "ecs_task_s3_access_policy_attachment" {
role = aws_iam_role.ecs_task_execution_role.name
policy_arn = aws_iam_policy.ecs_task_s3_access_policy.arn
resource "aws_iam_role_policy_attachment" "ecs_task_s3_access" {
role = aws_iam_role.ecs_task_role.name
policy_arn = aws_iam_policy.ecs_task_s3_access.arn
}
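Review bot: The role renamed to `ecs_task_role` is still wired in as `executionRoleArn` in job_definition.tf and still carries `AmazonECSTaskExecutionRolePolicy`, so the new name describes the opposite of what the role is used for. In ECS/Batch the execution role is what the agent uses to pull the image and ship logs, while the container's own AWS calls use the job role (`jobRoleArn`); the `ecs_task_s3_access` attachment on this role therefore only reaches the job's code if the same role is also set as `jobRoleArn`, which is not visible in these hunks. I would either keep `execution` in the resource name or split this into two roles, with `AmazonECSTaskExecutionRolePolicy` on the execution role and `ecs_task_s3_access` on a separate job role, so each principal holds only the permissions it needs. The trust policy and the S3 policy body are collapsed on this page, so this is based on the attachments alone.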
7 changes: 7 additions & 0 deletions infrastructure/batch/variables.tf
@@ -1,13 +1,20 @@
# networking
variable "scpca_portal_vpc" { default = "" }
variable "scpca_portal_subnet_1a" { default = "" }

# job_definition envars
variable "dockerhub_account" { default = "" }
variable "django_secret_key" { default = "" }
variable "database_password" { default = "" }
variable "region" { default = "" }
variable "sentry_dsn" { default = "" }
variable "scpca_portal_bucket" { default = "" }
variable "postgres_db" { default = "" }

# security
variable "scpca_portal_db_security_group" { default = "" }

# general configuration
variable "user" { default = "" }
variable "stage" { default = "" }
variable "default_tags" { default = "" }
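Review bot: `django_secret_key` and `database_password`, now grouped under `# job_definition envars`, are declared with `default = ""` and no `sensitive` flag, so a missing value still plans and applies with an empty secret, and a supplied value can be printed in plan output. These declarations are probably unchanged by this commit, but since the file is being annotated anyway I would replace `default = ""` on those two with `type = string` and `sensitive = true` (if the Terraform version in use supports it) so that an unset secret fails at plan time. If the heading means they are passed as plain `environment` entries in the job definition, which is not visible in this section, they would also be readable by anyone who can describe the job definition; the container properties' `secrets` block with a Secrets Manager or SSM reference avoids that.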
