Skip to content

Commit

Permalink
add new permissions so that the role can create batch jobs
Browse files Browse the repository at this point in the history
  • Loading branch information
ssickles committed Apr 9, 2024
1 parent 959e8e7 commit e405595
Showing 1 changed file with 34 additions and 2 deletions.
36 changes: 34 additions & 2 deletions eventbus.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,37 @@ locals {
eventbus_arn = data.ns_connection.eventbus.outputs.eventbus_arn
eventbus_name = data.ns_connection.eventbus.outputs.eventbus_name
scheduler_group_name = data.ns_connection.eventbus.outputs.scheduler_group_name
scheduler_role_arn = data.ns_connection.eventbus.outputs.scheduler_role_arn
}
scheduler_role_arn = data.ns_connection.eventbus.outputs.scheduler_role_arn
scheduler_role_name = data.ns_connection.enventbus.outputs.scheduler_role_name
}

data "aws_iam_role" "scheduler_role" {
name = local.scheduler_role_name
}

resource "aws_iam_role_policy_attachment" "batch-job-creation" {
role = data.aws_iam_role.scheduler_role.name
policy_arn = aws_iam_policy.batch-job-creation.arn
}

resource "aws_iam_policy" "batch-job-creation" {
name = local.resource_name
policy = data.aws_iam_policy_document.batch-job-creation.json
}

data "aws_iam_policy_document" "batch-job-creation" {
statement {
effect = "Allow"
actions = [
"batch:SubmitJob",
"batch:DescribeJobs",
"batch:TerminateJob",
"batch:ListJobs",
"batch:ListJobDefinitions",
"batch:DescribeJobDefinitions",
"batch:DescribeJobQueues",
"batch:ListJobQueues",
]
resources = ["*"]
}
}

0 comments on commit e405595

Please sign in to comment.