search

aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0
3.53k stars 417 forks source link

Feature Request: Support additional_policy in post_deployments Section #5939

Open ZeeshanZubair2 opened 2 months ago

ZeeshanZubair2 commented 2 months ago

Description

I would like to request support for the additional_policy property in the post_deployments section of the pipeline manifest. This enhancement would allow users to specify additional IAM policies for tasks executed after deployments, offering greater flexibility and control over permissions during the post-deployment phase.

Proposed Code Snippet:

Here is an example of how the additional_policy property can be utilized in the post_deployments section:

  update_migration_service:
    buildspec: /post-deploy-buildspec.yml
    additional_policy:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - ecs:ListClusters
              - ecs:ListServices
              - ecs:UpdateService
            Resource: '*'
    depends_on: [service_name]

Use Case:

In scenarios where post-deployment tasks require specific permissions not covered by the default policies, users would benefit from the ability to specify additional IAM policies. For instance, when updating ECS services or interacting with other AWS resources, tailored permissions can be crucial for successful execution.

KollaAdithya commented 2 months ago

Hello @ZeeshanZubair2 !

Can you use copilot pipeline override feature that will help you to add an new policy