hackoregon / devops-17

deployment tools for Hack Oregon projects

Document permissions and procedures to enable CD to ECS #16

Closed MikeTheCanuck closed 7 years ago

MikeTheCanuck commented 7 years ago

See https://github.com/hackoregon/hacku-devops-2017/issues/4#issuecomment-279118932

Tasks

  1. Document the procedures that will be followed by both or either of each project's (a) devops squadroneer and (b) backend development lead to deliver the results of the following two scenarios.
  2. Document the minimum permissions necessary for each involved user/role to be able to complete the involved procedures.

Scenario 1:

DevOps squad member configures new ECS cluster for backend team to CD from their GitHub repo via TravisCI. Elevated AWS permissions required to generate the new ECS cluster.

Scenario 2:

DevOps squad member pairs with each backend team lead to configure code in backend repo, TravisCI config and entitlements for AWS IAM account to enable automatic Docker build to ECS cluster on every commit to master branch. We want to make it an automatic process to create and deploy a container by project developers.

pdxdiver commented 7 years ago

Here's the policy document that is required to deploy a service to ECS. We will need to create the appropriate policy-group-user credentials for deployments. Adding to my infrastructure repo.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecs:DescribeServices",
                "ecs:DescribeTaskDefinition",
                "ecs:DescribeTasks",
                "ecs:ListTaskDefinitions",
                "ecs:ListTasks",
                "ecs:RegisterTaskDefinition",
                "ecs:DeregisterTaskDefinition",
                "ecs:UpdateService"
            ],
            "Resource": "*"
        }
    ]
}
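An added example, not part of the thread or the project's code: a Python check for Task 2 (minimum permissions) that audits a deploy policy such as the one posted above against the action list it names. The `audit` function, its finding labels, the mutating-prefix list and the second sample policy are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Actions the deploy user needs, taken from the policy posted in this thread.
REQUIRED = {
    "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks",
    "ecs:ListTaskDefinitions", "ecs:ListTasks", "ecs:RegisterTaskDefinition",
    "ecs:DeregisterTaskDefinition", "ecs:UpdateService",
}
# State-changing calls to review when allowed on "*" (assumption of this example).
MUTATING_PREFIXES = ("ecs:register", "ecs:deregister", "ecs:update")

def as_list(value):
    """IAM lets Statement, Action and Resource be a single value or a list."""
    return value if isinstance(value, list) else [value]

def audit(policy_json, required=REQUIRED):
    """Return (statement index, label, detail) findings for a deploy policy."""
    findings, granted = [], set()
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append((i, "not-action", "Allow + NotAction grants all other actions"))
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]  # case-insensitive
        resources = as_list(stmt.get("Resource", []))
        for pattern in actions:
            hits = {r for r in required if fnmatchcase(r.lower(), pattern)}
            granted |= hits
            if "*" in pattern or "?" in pattern:
                findings.append((i, "wildcard-action", pattern))
            elif not hits:
                findings.append((i, "extra-action", pattern))
            # Whether an action can be scoped to an ARN depends on the action.
            if "*" in resources and pattern.startswith(MUTATING_PREFIXES):
                findings.append((i, "mutating-on-any-resource", pattern))
    for missing in sorted(required - granted):
        findings.append((None, "missing-action", missing))
    return findings

# The policy from this thread, rebuilt from REQUIRED.
THREAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": "*"}]})
# Constructed sample: broader than needed, Statement given as a single object.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": ["ecs:*", "ec2:TerminateInstances"], "Resource": "*"}})
if __name__ == "__main__":
    print(*audit(THREAD_POLICY), sep="\n")
```
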