opentofu/examples/aws-ecs-alb/instance-profile-policy.json

32 lines
607 B
JSON

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ecsInstanceRole",
"Effect": "Allow",
"Action": [
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:Submit*"
],
"Resource": [
"*"
]
},
{
"Sid": "allowLoggingToCloudWatch",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"${app_log_group_arn}",
"${ecs_log_group_arn}"
]
}
]
}