using managed policy AWSCodeDeployRoleForECS #105

kunduso · Oct 26, 2024 · 10f8e75 · 10f8e75
1 parent 1fb80ae
commit 10f8e75
Showing 1 changed file with 0 additions and 85 deletions.
diff --git a/deploy/code_deploy_role.tf b/deploy/code_deploy_role.tf
@@ -14,94 +14,9 @@ resource "aws_iam_role" "codedeploy_role" {
     ]
   })
 }
-#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy
-resource "aws_iam_policy" "custom_codedeploy_policy" {
-  name        = "${var.name}-code-deploy-policy"
-  path        = "/"
-  description = "AWS IAM policy for the code deploy role."
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow",
-        Action = [
-          "ecs:CreateTaskSet",
-          "ecs:DeleteTaskSet",
-          "ecs:DescribeServices",
-          "ecs:UpdateServicePrimaryTaskSet"
-        ],
-        Resource = [
-          "arn:aws:ecs:${var.region}:${data.aws_caller_identity.current.account_id}:service/*",
-          "arn:aws:ecs:${var.region}:${data.aws_caller_identity.current.account_id}:task-set/*"
-        ]
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "elasticloadbalancing:CreateListener",
-          "elasticloadbalancing:CreateRule",
-          "elasticloadbalancing:CreateTargetGroup",
-          "elasticloadbalancing:DeleteListener",
-          "elasticloadbalancing:DeleteRule",
-          "elasticloadbalancing:DeleteTargetGroup",
-          "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
-          "elasticloadbalancing:DeregisterTargets",
-          "elasticloadbalancing:DescribeInstanceHealth",
-          "elasticloadbalancing:DescribeListeners",
-          "elasticloadbalancing:DescribeLoadBalancerAttributes",
-          "elasticloadbalancing:DescribeLoadBalancers",
-          "elasticloadbalancing:DescribeRules",
-          "elasticloadbalancing:DescribeTargetGroupAttributes",
-          "elasticloadbalancing:DescribeTargetGroups",
-          "elasticloadbalancing:DescribeTargetHealth",
-          "elasticloadbalancing:ModifyListener",
-          "elasticloadbalancing:ModifyRule",
-          "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
-          "elasticloadbalancing:RegisterTargets",
-          "elasticloadbalancing:SetWebAcl"
-        ]
-        Resource = [
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:listener-rule/app/*/*/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:loadbalancer/net/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:loadbalancer/app/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:targetgroup/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:listener-rule/net/*/*/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:listener/app/*/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:listener/net/*/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:truststore/*/*",
-          "arn:aws:elasticloadbalancing:*:${data.aws_caller_identity.current.account_id}:loadbalancer/*"
-        ]
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "iam:PassRole"
-        ]
-        Resource = [
-          aws_iam_role.ecs_task_execution_role.arn,
-          aws_iam_role.ecs_task_role.arn
-        ]
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "codedeploy:GetDeploymentGroup",
-          "codedeploy:CreateDeployment",
-          "codedeploy:GetDeployment",
-          "codedeploy:GetDeploymentConfig",
-          "codedeploy:RegisterApplicationRevision"
-        ],
-        Resource = [
-          "arn:aws:codedeploy:${var.region}:${data.aws_caller_identity.current.account_id}:*"
-        ]
-      }
-    ]
-  })
-}
 
 #https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment
 resource "aws_iam_role_policy_attachment" "codedeploy_policy_attachement" {
   role       = aws_iam_role.codedeploy_role.name
   policy_arn = "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS"
-  # policy_arn = aws_iam_policy.custom_codedeploy_policy.arn
 }