search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.68k stars 3.93k forks source link

codepipeline: EcsDeployAction missing ecs:TagResource #29400

Closed pahud closed 8 months ago

pahud commented 8 months ago

Describe the bug

According to the document, ecs:TagResource is required for the role but missing in our code:

https://github.com/aws/aws-cdk/blob/f0383d65c7cc8017c55ec9c9262d4a863bb63730/packages/aws-cdk-lib/aws-codepipeline-actions/lib/ecs/deploy-action.ts#L84-L92

Expected Behavior

The correct policy statement should be updated:

{
    "Effect": "Allow",
    "Action": [
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:RegisterTaskDefinition",
        "ecs:TagResource",
        "ecs:UpdateService"
    ],
    "Resource": "resource_ARN"
},

Current Behavior

missing ecs:TagResource

Reproduction Steps

N/A

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.131.0

Framework Version

No response

Node.js Version

all versions

OS

all

Language

TypeScript

Language Version

No response

Other information

No response

pahud commented 8 months ago

internal tracking V1285811012

github-actions[bot] commented 8 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.