FIXME: try to add events:PutRule et al to profile

aagbsn · aagbsn · commit 27f9c59c62cf · 2026-06-11T13:43:12.000+02:00
I see AccessDeniedException; but this change doesn't fix it
diff --git a/tf/modules/scheduled_service/main.tf b/tf/modules/scheduled_service/main.tf
@@ -67,7 +67,10 @@ resource "aws_iam_role_policy" "events_run_task_policy" {
           "iam:PassRole",
           "ecs:StartTask",
           "ecs:DescribeClusters",
-          "ecs:DescribeTasks"
+          "ecs:DescribeTasks",
+          "events:TagResource",
+          "events:PutRule",
+          "events:PutTargets",
         ]
         Resource = "*"
       }
@@ -119,7 +122,7 @@ resource "aws_ecs_task_definition" "scheduled_service" {
       memory            = var.memory_hard_limit
       essential         = true,
       image = try(
-        data.aws_ecs_container_definition.scheduled_service_current.image,
+        data.aws_ecs_container_definition.scheduled_service_current[0].image,
         var.default_docker_image_url
       ),
       name = local.name,
diff --git a/tf/modules/scheduled_service/templates/profile_policy.json b/tf/modules/scheduled_service/templates/profile_policy.json
@@ -56,6 +56,16 @@
         "elasticloadbalancing:RegisterTargets"
       ],
       "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "events:TagResource",
+        "events:PutRule",
+        "events:PutTargets"
+      ],
+      "Resource": "*"
     }
+
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,16 @@`
`56`	`56`	`"elasticloadbalancing:RegisterTargets"`
`57`	`57`	`],`
`58`	`58`	`"Resource": "*"`
	`59`	`+ },`
	`60`	`+ {`
	`61`	`+ "Effect": "Allow",`
	`62`	`+ "Action": [`
	`63`	`+ "events:TagResource",`
	`64`	`+ "events:PutRule",`
	`65`	`+ "events:PutTargets"`
	`66`	`+ ],`
	`67`	`+ "Resource": "*"`
`59`	`68`	`}`
	`69`	`+`
`60`	`70`	`]`
`61`	`71`	`}`