From 77dac12a450e259cbd8f7a36a3b957a6fc7bc727 Mon Sep 17 00:00:00 2001
From: Allan Denot
Date: Fri, 13 Dec 2024 15:31:09 +1000
Subject: [PATCH] Add policy for ecs task for efs volumes

---
 iam-ecs-task.tf | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/iam-ecs-task.tf b/iam-ecs-task.tf
index 10526f9..d1342ab 100644
--- a/iam-ecs-task.tf
+++ b/iam-ecs-task.tf
@@ -95,8 +95,29 @@ resource "aws_iam_role_policy" "s3_policy" {
 EOF
 }
 
+resource "aws_iam_role_policy" "efs_policy" {
+  name = "ecs-efs-policy"
+  role = aws_iam_role.ecs_task.name
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "elasticfilesystem:ClientMount",
+          "elasticfilesystem:ClientWrite",
+          "elasticfilesystem:DescribeMountTargets",
+          "elasticfilesystem:DescribeFileSystems"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
+}
+
 resource "aws_iam_role_policy_attachment" "extra_task_policies_arn" {
   for_each = toset(try(var.extra_task_policies_arn, []))
   role = aws_iam_role.ecs_task.name
   policy_arn = each.key
-}
\ No newline at end of file
+}
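Review bot: The new `efs_policy` grants `elasticfilesystem:ClientMount` and `elasticfilesystem:ClientWrite` with `Resource = "*"`, so every task running under `aws_iam_role.ecs_task` can mount and write to any EFS file system in the account, not just the volumes this module wires up. The Describe actions are reasonable to leave on `"*"`, but the Client* actions should be a separate statement scoped to the file system ARNs the tasks actually use (a module input, mirroring how `extra_task_policies_arn` is passed in), and where access points are in play a `Condition` on `elasticfilesystem:AccessPointArn` narrows it further; read-only mounts do not need `ClientWrite` at all. A short comment on the resource such as `# Grants the task role EFS mount/write on the listed file systems; scope Resource to the module's volumes, never "*"` would keep the intent visible. Minor style point: the neighbouring `s3_policy` uses a heredoc while this one uses `jsonencode`, so the file now mixes both forms.
```hcl
resource "aws_iam_role_policy" "efs_policy" {
  # … unchanged: name, role …
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "elasticfilesystem:DescribeMountTargets",
          "elasticfilesystem:DescribeFileSystems"
        ]
        Resource = "*"
      },
      {
        Effect = "Allow"
        Action = [
          "elasticfilesystem:ClientMount",
          "elasticfilesystem:ClientWrite"
        ]
        # constructed input name: list of EFS file system ARNs the tasks mount
        Resource = var.efs_file_system_arns
      }
    ]
  })
}
```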