remove wild cards from iam policy
nagagovindarajan committed Feb 2, 2024
1 parent 13fbf30 commit 07f1325
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions examples/fargate/data.tf
Expand Up @@ -27,7 +27,7 @@ data "aws_subnets" "private" {
data "aws_iam_policy_document" "execution_custom_policy" {
statement {
actions = ["logs:CreateLogGroup"]
resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*"]
resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/ecs/${var.name}/*"]
}
}

Expand All @@ -37,7 +37,7 @@ data "aws_iam_policy_document" "task_ecs_exec_policy" {
"kms:Decrypt",
]

resources = ["arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key:/*"]
resources = [module.fargate_cluster.ecs_cluster_kms_arn]
}
statement {
actions = [
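Review bot: The narrowed `log-group:/aws/ecs/${var.name}/*` resource in `execution_custom_policy` only matches log groups whose name continues past the `/aws/ecs/${var.name}/` prefix, and the group name the task definition's `awslogs-group` option actually uses is not visible in this section. If the containers log to `/aws/ecs/${var.name}` itself or to another prefix, `logs:CreateLogGroup` would be denied, so the ARN is better built from the same local or variable that feeds the log configuration, with a comment such as `# must stay in sync with the awslogs-group prefix of the task definition`. In `task_ecs_exec_policy`, `module.fargate_cluster.ecs_cluster_kms_arn` presumably can be empty when the cluster is created without its own key, which would leave the `kms:Decrypt` statement with an invalid resource; confirm the module always returns an ARN or make the statement conditional. The statement that follows in `task_ecs_exec_policy` starts inside the hunk and continues outside it, so any wildcards left there are not covered by this review.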
