Closed MikeTheCanuck closed 7 years ago
See the following policy document. Implemented for all "deployer users"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:UpdateService",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}
]
}
We don't want to grant "FullAccess" rights to ECS for the AWS IAM identities assigned to the TravisCI repo that builds each project's Django API container.