Add custom policy for data replication access

bogsi17 · bogsi17 · commit 66f6240b605f · 2025-05-28T11:44:36.000+01:00
diff --git a/terraform/data_replication/iam.tf b/terraform/data_replication/iam.tf
@@ -64,3 +64,25 @@ resource "aws_iam_role_policy_attachment" "ecs_task_fargate" {
   role       = aws_iam_role.ecs_task_role.name
   policy_arn = aws_iam_policy.shell_access_policy.arn
 }
+
+resource "aws_iam_policy" "data_replication_access" {
+  name = "DataReplicationAccessPolicy"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "ecs:ListTasks",
+          "ecs:DescribeTasks",
+          "ecs:ExecuteCommand"
+        ]
+        Resource = [
+          "arn:aws:ecs:eu-west-2:393416225559:cluster/mavis-${var.environment}-data-replication*",
+          "arn:aws:ecs:eu-west-2:393416225559:task/mavis-${var.environment}-data-replication*/*",
+          "arn:aws:ecs:eu-west-2:393416225559:container-instance/mavis-${var.environment}-data-replication*/*"
+        ]
+      }
+    ]
+  })
+}
