Fix aws-ecs-* task execution role permissions

mbarrien · mbarrien · commit 086e0d945569 · 2019-09-25T18:23:49.000-07:00
diff --git a/aws-ecs-job-fargate/iam.tf b/aws-ecs-job-fargate/iam.tf
@@ -19,7 +19,6 @@ resource "aws_iam_role" "task_execution_role" {
 # the specific ECR arn if applicable, and the specific cloudwatch log group.
 # Either pass both identifiers in, or pass the entire role ARN as an argument
 resource "aws_iam_role_policy_attachment" "task_execution_role" {
-  count      = var.registry_secretsmanager_arn != null ? 1 : 0
   role       = aws_iam_role.task_execution_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
diff --git a/aws-ecs-service-fargate/iam.tf b/aws-ecs-service-fargate/iam.tf
@@ -18,7 +18,6 @@ resource "aws_iam_role" "task_execution_role" {
 # TODO: Add support for giving permissions to ECR ARNs and possibly cloudwatch log group
 # Or provide ability to pass in own execution role ARN
 resource "aws_iam_role_policy_attachment" "task_execution_role" {
-  count      = var.registry_secretsmanager_arn != null ? 1 : 0
   role       = aws_iam_role.task_execution_role.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,6 @@ resource "aws_iam_role" "task_execution_role" {`
`19`	`19`	`# the specific ECR arn if applicable, and the specific cloudwatch log group.`
`20`	`20`	`# Either pass both identifiers in, or pass the entire role ARN as an argument`
`21`	`21`	`resource "aws_iam_role_policy_attachment" "task_execution_role" {`
`22`		`- count = var.registry_secretsmanager_arn != null ? 1 : 0`
`23`	`22`	`role = aws_iam_role.task_execution_role.name`
`24`	`23`	`policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"`
`25`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,6 @@ resource "aws_iam_role" "task_execution_role" {`
`18`	`18`	`# TODO: Add support for giving permissions to ECR ARNs and possibly cloudwatch log group`
`19`	`19`	`# Or provide ability to pass in own execution role ARN`
`20`	`20`	`resource "aws_iam_role_policy_attachment" "task_execution_role" {`
`21`		`- count = var.registry_secretsmanager_arn != null ? 1 : 0`
`22`	`21`	`role = aws_iam_role.task_execution_role.name`
`23`	`22`	`policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"`
`24`	`23`	`}`