@@ -39,10 +39,12 @@ resource "aws_iam_policy" "dagster_can_access_etl_database_secret" {
3939 Version = " 2012-10-17"
4040 Statement = [
4141 {
42- Action = " secretsmanager:GetSecretValue" ,
42+ # Action = "secretsmanager:GetSecretValue",
43+ Action = " secretsmanager:*" ,
4344 Effect = " Allow"
4445 Resource = [
45- var.db.db_instance_master_user_secret_arn
46+ # var.db.db_instance_master_user_secret_arn
47+ " *"
4648 ]
4749 }
4850 ]
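Review bot: The new statement grants `secretsmanager:*` on `"*"`, so any role carrying this policy can read, overwrite, delete and re-permission every secret in the account, not just the ETL database secret the policy is named for. The commented-out originals suggest it was widened while debugging; restore `Action = "secretsmanager:GetSecretValue"` and `Resource = [var.db.db_instance_master_user_secret_arn]` before merging. The `:user::` to `:username::` key correction later in this commit is a likely cause of the original failure, so the narrow policy may simply work once that fix is in. If it still fails, check whether the secret uses a customer-managed KMS key that needs its own `kms:Decrypt` grant (not visible here). The resource block starts and ends outside the hunk.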
@@ -66,12 +68,18 @@ resource "aws_iam_policy" "dagster_can_emit_logs" {
6668 " logs:PutLogsEvents"
6769 ]
6870 Effect = " Allow"
69- Resource = " arn:${ data . aws_partition . current . partition } :logs:*:${ data . aws_caller_identity . current . account_id } :log-group:/ecs/${ var . account_name } *:*"
71+ # Resource = "arn:${data.aws_partition.current.partition}:logs:*:${data.aws_caller_identity.current.account_id}:log-group:/ecs/${var.account_name}-dagster-ui-logs"
72+ Resource = " *"
7073 }
7174 ]
7275 })
7376}
7477
78+ resource "aws_iam_role_policy_attachment" "dagster_can_emit_logs_attachment" {
79+ role = aws_iam_role. dagster_execution_role . name
80+ policy_arn = aws_iam_policy. dagster_can_emit_logs . arn
81+ }
82+
7583resource "aws_iam_role" "dagster_task_role" {
7684 name = " ${ var . account_name } -etl-service-task-role"
7785 description = " Describes actions the ETL tasks can make"
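Review bot: `Resource = "*"` lets the execution role write to every log group in the account, and it probably does not fix the failure that prompted it. The visible context line lists `logs:PutLogsEvents`, which is not a CloudWatch Logs action (the action is `logs:PutLogEvents`), so writes would stay denied at any resource scope. Correct the action name and scope the resource to the group the task definitions now use, e.g. `Resource = "arn:${data.aws_partition.current.partition}:logs:*:${data.aws_caller_identity.current.account_id}:log-group:/ecs/${var.account_name}:*"`. Drop the commented-out line, whose `-dagster-ui-logs` suffix no longer matches the group name set elsewhere in this commit. The Action list begins outside the hunk, so its other entries should be checked the same way.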
@@ -102,9 +110,9 @@ resource "aws_ecs_task_definition" "dagster_daemon" {
102110 logConfiguration = {
103111 logDriver = " awslogs"
104112 options = {
105- " awslogs-group" = " /ecs/${ var . account_name } -dagster-daemon-logs "
113+ " awslogs-group" = " /ecs/${ var . account_name } "
106114 " awslogs-region" = data.aws_region.current.name
107- " awslogs-stream-prefix" = " ${ var . account_name } -dagster-daemon-logs "
115+ " awslogs-stream-prefix" = var.account_name
108116 }
109117 }
110118 command = [" dagster-daemon" , " run" , " -w" , " ${ local . dagster_home } /workspace.yaml" ]
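Review bot: The daemon task now logs to the shared group `/ecs/${var.account_name}` with the bare account name as stream prefix, and the `dagster_ui` task definition (hunk at -159,9) gets the identical pair, so the two services can no longer have separate retention, subscription filters or read permissions. If the shared group is intended, keep a per-service prefix such as `"awslogs-stream-prefix" = "dagster-daemon"` here and `"dagster-ui"` there so streams stay attributable at a glance. The hunks show no `aws_cloudwatch_log_group` for the new name, and the `awslogs` driver does not create the group unless `awslogs-create-group` is set, so confirm the group exists.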
@@ -116,7 +124,7 @@ resource "aws_ecs_task_definition" "dagster_daemon" {
116124 secrets = [
117125 {
118126 name = " DAGSTER_POSTGRES_USER" ,
119- valueFrom = " ${ var . db . db_instance_master_user_secret_arn } :user ::"
127+ valueFrom = " ${ var . db . db_instance_master_user_secret_arn } :username ::"
120128 },
121129 {
122130 name = " DAGSTER_POSTGRES_PASSWORD" ,
@@ -133,6 +141,7 @@ resource "aws_ecs_service" "dagster_daemon" {
133141 desired_count = 1
134142 launch_type = " FARGATE"
135143 task_definition = aws_ecs_task_definition. dagster_daemon . arn
144+ enable_execute_command = true
136145
137146 network_configuration {
138147 subnets = var. networking . etl_subnet_ids
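Review bot: `enable_execute_command = true` is hard-coded here and on the `dagster-ui` service (hunk at -198,6), so ECS Exec is on in every environment this module is applied to. That gives an interactive shell into containers that hold the database master-user credentials in their environment. Gate it behind a new input that defaults to off, e.g. `enable_execute_command = var.enable_ecs_exec` (the variable name is only a suggestion), and enable it only where debugging is needed. Where it is on, restrict `ecs:ExecuteCommand` to named principals and configure session logging in the cluster's `execute_command_configuration` so shell sessions are auditable; neither is visible in this diff.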
@@ -159,9 +168,9 @@ resource "aws_ecs_task_definition" "dagster_ui" {
159168 logConfiguration = {
160169 logDriver = " awslogs"
161170 options = {
162- " awslogs-group" = " /ecs/${ var . account_name } -dagster-ui-logs "
171+ " awslogs-group" = " /ecs/${ var . account_name } "
163172 " awslogs-region" = data.aws_region.current.name
164- " awslogs-stream-prefix" = " ${ var . account_name } -dagster-ui-logs "
173+ " awslogs-stream-prefix" = var.account_name
165174 }
166175 }
167176 portMappings = [
@@ -181,7 +190,7 @@ resource "aws_ecs_task_definition" "dagster_ui" {
181190 secrets = [
182191 {
183192 name = " DAGSTER_POSTGRES_USER" ,
184- valueFrom = " ${ var . db . db_instance_master_user_secret_arn } :user ::"
193+ valueFrom = " ${ var . db . db_instance_master_user_secret_arn } :username ::"
185194 },
186195 {
187196 name = " DAGSTER_POSTGRES_PASSWORD" ,
@@ -198,6 +207,7 @@ resource "aws_ecs_service" "dagster-ui" {
198207 desired_count = 1
199208 launch_type = " FARGATE"
200209 task_definition = aws_ecs_task_definition. dagster_ui . arn
210+ enable_execute_command = true
201211
202212 network_configuration {
203213 subnets = var. networking . etl_subnet_ids