codepipeline: EcsDeployAction missing ecs:TagResource #29400

Closed
pahud opened this issue Mar 7, 2024 · 2 comments · Fixed by #29401
Labels
@aws-cdk/aws-codepipeline Related to AWS CodePipeline bug This issue is a bug. effort/small Small work item – less than a day of effort p1

pahud commented Mar 7, 2024

Describe the bug

According to the document, ecs:TagResource is required for the role but missing in our code:

```ts
options.role.addToPolicy(new iam.PolicyStatement({
  actions: [
    'ecs:DescribeServices',
    'ecs:DescribeTaskDefinition',
    'ecs:DescribeTasks',
    'ecs:ListTasks',
    'ecs:RegisterTaskDefinition',
    'ecs:UpdateService',
  ],
```

Expected Behavior

The correct policy statement should be updated:

```json
{
    "Effect": "Allow",
    "Action": [
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:RegisterTaskDefinition",
        "ecs:TagResource",
        "ecs:UpdateService"
    ],
    "Resource": "resource_ARN"
}
```

Current Behavior

missing ecs:TagResource

Reproduction Steps

N/A

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.131.0

Framework Version

No response

Node.js Version

all versions

OS

all

Language

TypeScript

Language Version

No response

Other information

No response
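
A check for the gap this issue describes, as an added example that is not code from aws-cdk or from the issue author: it reports which actions from the expected policy statement above a role's policy document fails to grant. `missingActions`, `actionMatches`, `patternsFor` and the sample `beforeFix` document are hypothetical names, and only the `Action` element is evaluated (not `Resource`, `Condition` or `NotAction`).

```typescript
// Added example: the seven actions come from the policy statement quoted in the issue.
const REQUIRED_ECS_DEPLOY_ACTIONS: string[] = [
  'ecs:DescribeServices', 'ecs:DescribeTaskDefinition', 'ecs:DescribeTasks', 'ecs:ListTasks',
  'ecs:RegisterTaskDefinition', 'ecs:TagResource', 'ecs:UpdateService',
];

// Minimal policy shape (assumption: Resource, Condition and NotAction are not evaluated here).
interface Statement { Effect: 'Allow' | 'Deny'; Action?: string | string[]; Resource?: string | string[]; }
interface PolicyDocument { Statement: Statement[]; }

// IAM action names are case-insensitive; '*' matches any run of characters, '?' exactly one.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[^A-Za-z0-9*?]/g, '\\$&');
  const source = '^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$';
  return new RegExp(source, 'i').test(action);
}

// Collect the Action patterns of every statement with the given effect.
function patternsFor(doc: PolicyDocument, effect: 'Allow' | 'Deny'): string[] {
  const out: string[] = [];
  for (const s of doc.Statement) {
    if (s.Effect !== effect || s.Action === undefined) continue;
    out.push(...(Array.isArray(s.Action) ? s.Action : [s.Action]));
  }
  return out;
}

// Required actions that no Allow statement grants, or that an explicit Deny overrides.
function missingActions(doc: PolicyDocument, required: string[] = REQUIRED_ECS_DEPLOY_ACTIONS): string[] {
  const allowed = patternsFor(doc, 'Allow');
  const denied = patternsFor(doc, 'Deny');
  return required.filter(a =>
    !allowed.some(p => actionMatches(p, a)) || denied.some(p => actionMatches(p, a)));
}

// Constructed sample: the six actions from the issue's code excerpt (Resource '*' is assumed).
const beforeFix: PolicyDocument = {
  Statement: [{
    Effect: 'Allow',
    Action: REQUIRED_ECS_DEPLOY_ACTIONS.filter(a => a !== 'ecs:TagResource'),
    Resource: '*',
  }],
};
```

Running `missingActions` over each role policy in a synthesized template flags roles that would fail at deploy time for lack of `ecs:TagResource`, including the case where a broad Allow is undone by a Deny on tagging.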

@pahud pahud added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024
@pahud pahud self-assigned this Mar 7, 2024
@pahud pahud added effort/small Small work item – less than a day of effort @aws-cdk/aws-codepipeline Related to AWS CodePipeline labels Mar 7, 2024

pahud commented Mar 7, 2024

internal tracking V1285811012

@pahud pahud added p1 and removed p2 labels Mar 7, 2024
@mergify mergify bot closed this as completed in #29401 Mar 8, 2024
mergify bot pushed a commit that referenced this issue Mar 8, 2024
### Issue # (if applicable)

Closes #29400

### Reason for this change

Missing required action as described from the [doc](https://docs.aws.amazon.com/codepipeline/latest/userguide/security-iam.html#how-to-custom-role).

### Description of changes



### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions bot commented Mar 8, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
