Adding policy to allow execute-command

adenot · adenot · commit d185f242d794 · 2021-08-26T02:04:26.000Z
diff --git a/iam-ecs-task.tf b/iam-ecs-task.tf
@@ -39,6 +39,18 @@ resource "aws_iam_role_policy" "ssm_policy" {
       "Resource": [
         "arn:aws:ssm:*:*:parameter/*"
       ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ssmmessages:CreateControlChannel",
+        "ssmmessages:CreateDataChannel",
+        "ssmmessages:OpenControlChannel",
+        "ssmmessages:OpenDataChannel"
+      ],
+      "Resource": [
+        "*"
+      ]
     }
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,18 @@ resource "aws_iam_role_policy" "ssm_policy" {`
`39`	`39`	`"Resource": [`
`40`	`40`	`"arn:aws:ssm:::parameter/*"`
`41`	`41`	`]`
	`42`	`+ },`
	`43`	`+ {`
	`44`	`+ "Effect": "Allow",`
	`45`	`+ "Action": [`
	`46`	`+ "ssmmessages:CreateControlChannel",`
	`47`	`+ "ssmmessages:CreateDataChannel",`
	`48`	`+ "ssmmessages:OpenControlChannel",`
	`49`	`+ "ssmmessages:OpenDataChannel"`
	`50`	`+ ],`
	`51`	`+ "Resource": [`
	`52`	`+ "*"`
	`53`	`+ ]`
`42`	`54`	`}`
`43`	`55`	`]`
`44`	`56`	`}`