Make it clear to attach IAM policies to ECS task-role #5035

Merged
merged 2 commits into from
Jul 16, 2024

@t-kikuc t-kikuc commented Jul 12, 2024

What this PR does / why we need it:

Make it clear which role to attach IAM policies to because ECS's task-role and task-execution-role are confusing.

Signed-off-by: t-kikuc <[email protected]>

@khanhtc1202 khanhtc1202 left a comment


👍


@Warashi Warashi left a comment


How about removing this line?

"arn:aws:iam::<account-id>:role/<task-execution-role>",


codecov bot commented Jul 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 22.42%. Comparing base (7ca5c05) to head (7664807).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5035   +/-   ##
=======================================
  Coverage   22.42%   22.42%           
=======================================
  Files         522      522           
  Lines       56915    56915           
=======================================
  Hits        12766    12766           
  Misses      43123    43123           
  Partials     1026     1026           



t-kikuc commented Jul 12, 2024

@Warashi

> How about removing this line?
>
> "arn:aws:iam::<account-id>:role/<task-execution-role>",

It’s mandatory.
When a piped creates a new task, the piped needs to pass task-execution-role to the task.


Warashi commented Jul 16, 2024

> It’s mandatory.
> When a piped creates a new task, the piped needs to pass task-execution-role to the task.

Sorry, I misread.

As I understood, the Resource field at this line does not mean the role to which we add permission but the role we use to run the tasks.
So we need this line.
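
As an added illustration of the point settled above (not code from this PR or from PipeCD): a small check that a policy document attached to piped's task-role allows `iam:PassRole` on the task-execution-role named in `Resource`, and reports a `Resource` pattern broader than that one role. The account id, role name and sample policies are constructed placeholders, and `Condition` blocks are ignored for simplicity.

```python
import re

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _listify(v):
    # Statement, Action and Resource may each be a single value or a list.
    return v if isinstance(v, list) else [v]

def check_pass_role(policy, execution_role_arn):
    """Return (allowed, findings) for iam:PassRole on execution_role_arn."""
    allowed = denied = False
    findings = []
    for i, stmt in enumerate(_listify(policy.get("Statement", []))):
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource not evaluated")
            continue
        actions = _listify(stmt.get("Action", []))
        if not any(_glob(a, "iam:PassRole", ignore_case=True) for a in actions):
            continue
        matching = [r for r in _listify(stmt.get("Resource", []))
                    if _glob(r, execution_role_arn)]
        if stmt.get("Effect") == "Deny":
            denied = denied or bool(matching)
            continue
        allowed = allowed or bool(matching)
        # A matching pattern that is not the exact ARN contains a wildcard,
        # so it lets the holder pass other roles as well.
        findings += [f"statement {i}: Resource {r!r} is broader than the execution role"
                     for r in matching if r != execution_role_arn]
    if not allowed:
        findings.append("no Allow statement passes the execution role")
    return allowed and not denied, findings

# Constructed sample input: the account id and role name are placeholders.
EXEC_ROLE = "arn:aws:iam::111122223333:role/example-task-execution-role"
ECS = {"Effect": "Allow", "Action": ["ecs:RunTask"], "Resource": "*"}
SCOPED = {"Statement": [ECS, {"Effect": "Allow", "Action": "iam:PassRole",
                              "Resource": [EXEC_ROLE]}]}
BROAD = {"Statement": [ECS, {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
MISSING = {"Statement": ECS}

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("broad", BROAD), ("missing", MISSING)):
        print(name, check_pass_role(pol, EXEC_ROLE))
```
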


@Warashi Warashi left a comment


LGTM

@t-kikuc t-kikuc merged commit 395d96e into master Jul 16, 2024
18 checks passed
@t-kikuc t-kikuc deleted the doc-ecs-iam branch July 16, 2024 04:45