Closed MikeTheCanuck closed 7 years ago
Here's the policy document that is required to deploy a service to ECS. We will need to create the appropriate policy-group-user credentials for deployments. Adding to my infrastructure repo
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:UpdateService"
],
"Resource": "*"
}
]
}
See https://github.com/hackoregon/hacku-devops-2017/issues/4#issuecomment-279118932
Tasks
Scenario 1:
DevOps squad member configures new ECS cluster for backend team to CD from their GitHub repo via TravisCI. Elevated AWS permissions required to generate the new ECS cluster.
Scenario 2:
DevOps squad member pairs with each backend team lead to configure code in backend repo, TravisCI config and entitlements for AWS IAM account to enable automatic Docker build to ECS cluster on every commit to master branch. We want to make it an automatic process to create and deploy a container by project developers.