Merge pull request #11 from brucehoff/prod
 IT-3951 fix GuardDuty container
brucehoff authored Dec 4, 2024
2 parents 321392c + 329ab7a commit db237ea
Showing 1 changed file with 24 additions and 1 deletion.
25 changes: 24 additions & 1 deletion docker_fargate/docker_fargate_stack.py
Expand Up @@ -120,11 +120,34 @@ def __init__(self, scope: Construct, context: str, env: dict, vpc: ec2.Vpc, **kw
build_args={"stack":context} # 'dev' or 'prod'
)

# default ECS execution policy plus Guardduty access
execution_role = iam.Role(
self,
"ExecutionRole",
assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
"service-role/AmazonECSTaskExecutionRolePolicy"
),
],
)
execution_role.add_to_policy(
iam.PolicyStatement(
actions=[
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources=["*"],
effect=iam.Effect.ALLOW,
)
)

task_image_options = ecs_patterns.ApplicationLoadBalancedTaskImageOptions(
image=image,
environment=env_vars,
secrets = secrets,
container_port = get_port(env))
container_port = get_port(env),
execution_role=execution_role)

cert = cm.Certificate.from_certificate_arn(
self,
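Review bot: The `logs:CreateLogStream`/`logs:PutLogEvents` statement added to `execution_role` is granted on `resources=["*"]`, and the comment above it ("default ECS execution policy plus Guardduty access") does not say what GuardDuty needs beyond `AmazonECSTaskExecutionRolePolicy`, which as far as I know already allows those two log actions on all resources. If the extra statement is what makes the GuardDuty agent sidecar's log stream work, scope it to that log group and say so, e.g. `# the GuardDuty agent sidecar writes to its own log group, which the managed policy does not cover` followed by `resources=[f"arn:aws:logs:{self.region}:{self.account}:log-group:<GUARDDUTY_LOG_GROUP>:*"]` (placeholder name; `self.region`/`self.account` assume this class is a CDK `Stack`). If the statement turns out to be redundant with the managed policy, it should be dropped rather than carried with a wildcard resource. `effect=iam.Effect.ALLOW` is the default for `iam.PolicyStatement` and can be omitted. The enclosing `__init__` starts before and continues past this hunk.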
