This change tries to resolve a deployment issue resulting from the merge of https://github.com/wellcomecollection/catalogue-api/pull/775, which now requires the items API to read a new secret that it does not have access to. We add that permission here.
Ability to successfully deploy the catalogue service!
Have we considered potential risks?
We are extending access to this secret for all of the ECS tasks, strictly we should follow least privilege and only give it to the tasks and environment that needs it. This is a small enough expansion of scope for my to be comfortable in this case.
What does this change?
This change tries to resolve a deployment issue resulting from the merge of https://github.com/wellcomecollection/catalogue-api/pull/775, which now requires the items API to read a new secret that it does not have access to. We add that permission here.
How to test
Attempt a redeployment, does it succeed?
How can we measure success?
Ability to successfully deploy the catalogue service!
Have we considered potential risks?
We are extending access to this secret for all of the ECS tasks, strictly we should follow least privilege and only give it to the tasks and environment that needs it. This is a small enough expansion of scope for my to be comfortable in this case.